In association with heise online

21 March 2007, 16:18

InterActual ActiveX allows system intrusion

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security services provider Secunia has reported a security vulnerability in an ActiveX module installed by InterActual Player and CinePlayer, with which an attacker could inject malicious code using specially prepared web pages. The software is often found on film DVDs and offers additional features such as access to online content.

Web pages which integrate the IASystemInfo.dll ActiveX components can cause a buffer overflow by passing a string of more than 260 characters for the ApplicationType value. This can be used to inject malicious code. According to Secunia, InterActual is working on an update. Until this is available, it is advisable to set the kill-bit for this ActiveX module.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit