Remote code execution in Xunlei Thunder

1) Heap-based buffer overflow

EUVDB-ID: #VU1246

Risk: Critical

CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:F/RL:U/RC:C]

CVE-ID: CVE-2007-6144

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to boundary error in PPlayer.XPPlayer.1 ActiveX control when handling long strings passed via FlvPlayerUrl property value. A remote attacker can create a specially crafted web page, trick the victim into visiting it, cause a heap-based buffer overflow and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Note: this vulnerability was being actively exploited.

Mitigation

Cybersecurity Help is not aware of any official solution to address this vulnerability. It is recommended to permanently remove the affected software from your system.

Vulnerable software versions

Xunlei Thunder: 5.7.4.401

External links

http://betanews.com/2008/05/19/ten-thousand-servers-hit-in-sql-injection-hack/
http://www.pcworld.com/article/146048/article.html
http://forums.whatthetech.com/index.php?showtopic=91131
http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=50081

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.