InterActual ActiveX allows system intrusion
Security services provider Secunia has reported a security vulnerability in an ActiveX module installed by InterActual Player and CinePlayer, with which an attacker could inject malicious code using specially prepared web pages. The software is often found on film DVDs and offers additional features such as access to online content.
Web pages which integrate the IASystemInfo.dll ActiveX components can cause a buffer overflow by passing a string of more than 260 characters for the ApplicationType value. This can be used to inject malicious code. According to Secunia, InterActual is working on an update. Until this is available, it is advisable to set the kill-bit for this ActiveX module.
- InterActual Player / CinePlayer IASystemInfo.dll ActiveX Control Buffer Overflow, security advisory from Secunia
- Website for InterActual Player with download
(ehe)