Full Disclosure mailing list archives
Move Networks Upgrade Manager QMPUpgrade.dll Buffer Overflow
From: "Elazar Broad" <elazar () hushmail com>
Date: Sun, 27 Jan 2008 02:56:44 +0000
Who: Move Networks http://www.movenetworks.com/ What: Move Networks Quantum Streaming Player Upgrade Manager How: QMPUpgrade.dll version 1.0.0.1 {6054D082-355D-4B47-B77C-36A778899F48} QMPUpgrade.dll is packaged with an older version of the Quantum player. The player itself has several vulnerabilities, see http://www.securityfocus.com/bid/25529, which were fixed in later version(s). I can confirm this for version 7.7.4.39, qsp2ie07074039.dll, digitally signed Tuesday, September 18, 2007 7:10:35 PM. What is interesting is what happens when you upgrade from an older version of the player. Old Path: Documents and Settings\All Users\Application Data\Move Networks New Path: Documents and Settings\%username%\Application Data\Move Networks\ie_bin Both versions use the same class id, when the player is upgraded, the class id points to the newer version, however, the older version is left as is, along with the vulnerable QMPUpgrade.dll still registered. Exploit: http://milw0rm.com/exploits/4979 Workaround: Newer version(s) of the player come bundled with an executable called MovePlayerUpgrade.exe, so I am assuming that QMPUpgrade.dll is no longer needed. Killbit it or better yet, remove it altogether. Fix: No official fix known P.S. To SF and others, e.b. is my initials :) -- Live your dreams. Click here to find information on becoming a lawyer. http://tagline.hushmail.com/fc/Ioyw6h4fKhCPKyEBGODBuqbJgM0Y38sJNAXMugFnArEBr0pt1IXX4E/ Elazar _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Move Networks Upgrade Manager QMPUpgrade.dll Buffer Overflow Elazar Broad (Jan 26)