Summary
This host is installed with UUSee UUPlayer and is prone to multiple remote code execution vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions.
Impact Level: System/Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
- A boundary error in the UUPlayer ActiveX control when handling the 'SendLogAction()' method can be exploited to cause a heap-based buffer overflow via an overly long argument.
- An input validation error in the UUPlayer ActiveX control when handling the 'Play()' method can be exploited to execute an arbitrary program via a UNC path passed in the 'MPlayerPath' parameter.
Affected
UUSee UUPlayer 2010 6.11.0609.2
References
Severity
Classification
-
CVE CVE-2011-2589, CVE-2011-2590 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities-01 Dec13 (Mac OS X)
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
- Adobe AIR Multiple Vulnerabilities -01 April 13 (Mac OS X)
- Adobe Dreamweaver Insecure Library Loading Vulnerability