SopCast SopCore ActiveX Control DoS Vulnerability (Win) Network Vulnerability

Summary

This host is installed with SopCast SopCore ActiveX and is prone to denial of service vulnerability.

Impact

Attacker may exploit this issue to execute arbitrary script code and may crash the browser. Impact Level: Application

Solution

Upgrade to SopCast version 3.2.9 or later For updates refer to http://www.sopcast.org/ Workaround: Set the killbit for the CLSID {8FEFF364-6A5F-4966-A917-A3AC28411659} http://support.microsoft.com/kb/240797

Insight

Remote arbitrary programs can be executed via executable file name in the SetExternalPlayer function of the sopocx.ocx file and persuading a victim to visit a specially-crafted Web page.

Affected

SopCast sopocx.ocx version 3.0.3.501 on Windows.

References

http://xforce.iss.net/xforce/xfdb/48955

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-0811
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Reader/Acrobat Denial of Service Vulnerability (May09)
AnalogX SimpleServer:WWW DoS
connect to all open ports
Avast! Zoo Denial of Service Vulnerability
Apple QuickTime Multiple Vulnerabilities - Jun09

Take action and discover your vulnerabilities