In association with heise online

30 May 2008, 09:56

Hole in Creative ActiveX module

Security services provider eEye has discovered a security hole in an ActiveX auto-updater module that is installed by the software supplied with many Creative devices. The hole enables attackers to inject malicious code. eEye warns that exploit code is publicly available.

The AutoUpdate Engine is provided by the file CTSUEng.ocx. On installation, the Safe For Scripting and Safe For Initialization flags are set, which allows web sites opened in Internet Explorer to load and script the ActiveX module. According to eEye, a stack buffer overflow can occur when crafted values for CacheFolder are processed.

No update is yet available from Creative. Users can protect themselves by completely disabling the execution of ActiveX in the Internet zone – given the great number of security holes in a variety of ActiveX modules, this is a good general policy. Alternatively, you can set the kill bit for the ClassID {0A5FD7C5-A45C-49FC-ADB5-9952547D5715}. David Maynor has extended his AxBan tool so that it can set the kill bit for the Creative ActiveX module. In response to many requests, Maynor has also included functionality that allows a user to unset the kill bit again.
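The kill bit workaround can also be applied and checked by hand. The following PowerShell sketch is an added example, not code from the article, eEye or AxBan; the function names are hypothetical, and the registry location and the 0x400 flag are not given in the article but are Internet Explorer's standard kill-bit mechanism. It sets, clears and reports the kill bit for the ClassID quoted above without disturbing other compatibility flags.

```powershell
# Added example: manage the IE kill bit for the Creative AutoUpdate control.
# The CLSID is the one quoted in the article; function names are hypothetical.
# Writing under HKLM requires an elevated session.
$Clsid     = '{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}'
$ValueName = 'Compatibility Flags'
$KillBit   = 0x400   # COMPAT_EVIL_DONT_LOAD: IE refuses to instantiate the control

# 32-bit IE on 64-bit Windows reads the Wow6432Node view, so cover both views.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path $_ }

function Get-CompatFlags([string]$Key) {
    # Returns 0 when the key or the value does not exist yet.
    $item = Get-ItemProperty -Path $Key -Name $ValueName -ErrorAction SilentlyContinue
    if ($item) { $item.$ValueName } else { 0 }
}

function Test-KillBit {
    # Report the current state per registry view.
    foreach ($root in $Roots) {
        $key   = Join-Path $root $Clsid
        $flags = Get-CompatFlags $key
        [pscustomobject]@{
            Key    = $key
            Flags  = '0x{0:X8}' -f $flags
            Killed = [bool]($flags -band $KillBit)
        }
    }
}

function Set-KillBit([switch]$Clear) {
    foreach ($root in $Roots) {
        $key = Join-Path $root $Clsid
        if (-not (Test-Path $key)) {
            if ($Clear) { continue }          # nothing to unset in this view
            New-Item -Path $key -Force | Out-Null
        }
        # Change only bit 0x400 so other compatibility flags are preserved.
        $flags = Get-CompatFlags $key
        $new   = if ($Clear) { $flags -band (-bnot $KillBit) } else { $flags -bor $KillBit }
        Set-ItemProperty -Path $key -Name $ValueName -Value $new -Type DWord
    }
}

Test-KillBit   # read-only check; run Set-KillBit (or Set-KillBit -Clear) to change it
```

Internet Explorer reads these flags when it tries to instantiate the control, so restart the browser after changing them and confirm with `Test-KillBit` that `Killed` is `True` in every view listed.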
