#VU1246 Heap-based buffer overflow in Xunlei Thunder - CVE-2007-6144

 


Published: December 10, 2016 / Updated: February 28, 2017


Vulnerability identifier: #VU1246
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2007-6144
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Xunlei Thunder
Software vendor:
Xunlei

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the PPlayer.XPPlayer.1 ActiveX control when handling long strings passed via the FlvPlayerUrl property. A remote attacker can create a specially crafted web page, trick the victim into visiting it, cause a heap-based buffer overflow and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Note: this vulnerability was being actively exploited.


Remediation

Cybersecurity Help is not aware of any official solution to address this vulnerability. It is recommended to permanently remove the affected software from your system.
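To confirm that removal actually took effect, the following added example (not part of the original advisory or the vendor's tooling) checks whether the `PPlayer.XPPlayer.1` ProgID is still registered and whether Internet Explorer's kill bit is set for its CLSID. It assumes the control is registered as an in-process server under the standard Windows COM keys; the CLSID is resolved at run time because the advisory does not list it.

```powershell
# Added example: audit registration of the ActiveX control named in the advisory.
$ProgId  = 'PPlayer.XPPlayer.1'   # ProgID taken from the advisory text
$KillBit = 0x400                  # "Compatibility Flags" bit that stops IE loading a control

function Get-RegValue($BaseKey, [string]$Path, [string]$Name = '') {
    # Returns the named value (default value when $Name is empty) or $null.
    $key = $BaseKey.OpenSubKey($Path)
    if ($null -eq $key) { return $null }
    try { return $key.GetValue($Name) } finally { $key.Dispose() }
}

function Test-ActiveXRegistration([string]$ProgId) {
    foreach ($view in 'Registry64', 'Registry32') {      # native and WOW64 views
        $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', $view)
        foreach ($hive in 'LocalMachine', 'CurrentUser') {   # per-machine and per-user COM
            $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $view)
            try {
                $clsid = Get-RegValue $base "SOFTWARE\Classes\$ProgId\CLSID"
                if (-not $clsid) { continue }             # not registered in this hive/view
                $dll   = Get-RegValue $base "SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
                # The kill bit is a machine-wide setting, so it is always read from HKLM.
                $flags = Get-RegValue $hklm `
                    "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid" `
                    'Compatibility Flags'
                [pscustomobject]@{
                    Hive        = $hive
                    View        = $view
                    Clsid       = $clsid
                    Server      = $dll
                    FileOnDisk  = [bool]($dll -and (Test-Path -LiteralPath $dll))
                    KillBitSet  = (([int]$flags -band $KillBit) -ne 0)
                }
            } finally { $base.Dispose() }
        }
        $hklm.Dispose()
    }
}

$found = @(Test-ActiveXRegistration $ProgId)
if ($found.Count -eq 0) {
    "$ProgId is not registered in any checked hive or view."
} else {
    $found | Format-Table -AutoSize
    # Any row with FileOnDisk = True and KillBitSet = False is still loadable by IE.
}
```

On a 32-bit Windows installation both views resolve to the same keys, so rows may appear twice.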
