Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Move Networks Upgrade Manager QMPUpgrade.dll Buffer Overflow

From: "Elazar Broad" <elazar () hushmail com>
Date: Sun, 27 Jan 2008 02:56:44 +0000
Who:
Move Networks
http://www.movenetworks.com/

What:
Move Networks Quantum Streaming Player Upgrade Manager

How:
QMPUpgrade.dll version 1.0.0.1
{6054D082-355D-4B47-B77C-36A778899F48}

QMPUpgrade.dll is packaged with an older version of the Quantum 
player. The player itself has several vulnerabilities, see 
http://www.securityfocus.com/bid/25529, which were fixed in later 
version(s). I can confirm this for version 7.7.4.39, 
qsp2ie07074039.dll, digitally signed Tuesday, September 18, 2007 
7:10:35 PM. What is interesting is what happens when you upgrade 
from an older version of the player.

Old Path: Documents and Settings\All Users\Application Data\Move 
Networks
New Path: Documents and Settings\%username%\Application Data\Move 
Networks\ie_bin

Both versions use the same class id, when the player is upgraded, 
the class id points to the newer version, however, the older 
version is left  as is, along with the vulnerable QMPUpgrade.dll 
still registered.

Exploit:
http://milw0rm.com/exploits/4979

Workaround:
Newer version(s) of the player come bundled with an executable 
called MovePlayerUpgrade.exe, so I am assuming that QMPUpgrade.dll 
is no longer needed. Killbit it or better yet, remove it altogether.

Fix:
No official fix known

P.S. To SF and others, e.b. is my initials :)


--
Live your dreams.  Click here to find information on becoming a lawyer.
http://tagline.hushmail.com/fc/Ioyw6h4fKhCPKyEBGODBuqbJgM0Y38sJNAXMugFnArEBr0pt1IXX4E/
Elazar

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: