[Full-disclosure] Move Networks Quantum Streaming Player UploadLogs() Buffer Overflow

From: "Elazar Broad" <elazar@xxxxxxxxxxxx>
Date: Tue, 26 Feb 2008 00:30:09 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Who:
Move Networks
http://www.movenetworks.com/

What:
Move Networks is a streaming media provider who's clients include
Fox, ABC, ESPN etc. They employ an ActiveX control to display
content in the clients browser.

How:
qsp2ie07074039.dll version 7.7.4.39(digitally signed Tuesday,
September 18, 2007 7:10:35PM)
{E473A65C-8087-49A3-AFFD-C5BC4A10669B}

The url parameter of the UploadLogs() method is vulnerable to a
buffer overflow.

Workaround:
Set the killbit for this control, see
http://support.microsoft.com/kb/240797

Fix:
No official fix known

Exploit:
Will be posted on milw0rm.com

Elazar
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkfDo+EACgkQi04xwClgpZiSQwP+OVVbAEDFc728APhQBQgcgeOXP/6K
WcLjPLdz2lXRO3P15Umrqgr6tChJ0HbsW40U67+zyw0VG0k87IL6ZOyqjRtNPWwb4j7W
3EjC04vI9pxQBtjoG9ZR80PX6ociLCq7ApS1uOsSDy61N/092E4mIKbCwD6coTuUzP5U
Q56IVKo=
=v29c
-----END PGP SIGNATURE-----

--
Click to shop and save on brand name copiers today.
http://tagline.hushmail.com/fc/Ioyw6h4efL3TOAtEgKVyrVjF0g3IeZGowAyIsMPtoIkky6N3oFUUnm/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] NULL pointer in SurgeFTP 2.3a2
Next by Date: [Full-disclosure] Backend Cross Site Scripting (XSS) in Serendipity (S9Y) 1.2.1, CVE-2008-0124
Previous by thread: [Full-disclosure] NULL pointer in SurgeFTP 2.3a2
Next by thread: [Full-disclosure] Backend Cross Site Scripting (XSS) in Serendipity (S9Y) 1.2.1, CVE-2008-0124
Index(es):
- Date
- Thread

Relevant Pages

How to Decide Between a Browser-Based or Rich Client
... many potential clients ask "is it web-enabled" as if that is the ... Windows forms for more complex access. ... Windows applications. ... a while for the 5MB ActiveX control to download :-) ...
(microsoft.public.dotnet.framework.aspnet)
Re: Lan setup 2 nic
... As you did a fresh install, you will need to rejoin the clients. ... The external nic should NOT have the Client for MS Networks checked. ... What 2 available TCP/IP ... >> Attached a screenshots of my 2 nics. ...
(microsoft.public.windows.server.sbs)
Re: Multiple Public NICs
... Rob, so if I understand you correctly you want 3 networks, 2 with clients on ... How do the current clients connect to the Internet? ... MVP - Windows Server - Clustering ...
(microsoft.public.windows.server.clustering)
Re: ethics of approaching vulnerable prospective clients
... ethics of approaching vulnerable prospective clients ... Of interest especially are clients with wireless networks. ... site security, web application security etc. ... For more information on SecurityFocus' SIA service which ...
(Pen-Test)
Re: SBS2008: Problem with clients using RWW Remote Desktop, TS Gateway
... Sorry cris, last time I was told one or the other so I figured here since I didn't have the bookmark on my laptop. ... the add on is not there on the Vista clients I have access to so it isn't disabled. ... The Microsoft Terminal Services Client ActiveX control is either not available, ...
(microsoft.public.windows.server.sbs)