US-CERT
Vulnerability Note VU#312073

First4Internet CodeSupport ActiveX control incorrectly marked "safe for scripting"

Overview

An ActiveX control used to uninstall XCP Digital Rights Management (DRM) software made by First 4 Internet and distributed on some Sony BMG audio CDs is marked "Safe for scripting."

I. Description

XCP Digital Rights Management (DRM) software by First 4 Internet is distributed on some Sony BMG audio CDs. The XCP copy protection software uses "rootkit" technology to hide certain files from the user. A problem has been reported in an ActiveX control used to uninstall this software.

It has been reported that upon submitting a request to uninstall the DRM software, the user will receive via email a link to a Sony BMG web page. This page will attempt to install an ActiveX control when it is displayed in Internet Explorer. This ActiveX control is marked "Safe for scripting," which means that any web page may be able to utilize the control and its methods. Some of the methods provided by this control appear to present security problems, as they may allow an attacker to download and execute arbitrary code.

II. Impact

It has been reported that the ActiveX control used to uninstall XCP DRM software may allow remote attackers to download and execute arbitrary code on vulnerable systems. The ActiveX control will only execute code that is packaged in a certain file format.

III. Solution

Set the kill-bit for CLSID {4EA7C4C5-C5C0-4F5C-A008-8293505F71CC} after uninstalling the XCP DRM software.


As an alternative, disable ActiveX controls in Internet Explorer after uninstalling the XCP DRM software. Removing the vulnerable control may also limit the potential risk reported for the CodeSupport control:

cmd /k del "%windir%\downloaded program files\codesupport.ocx"
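
The kill-bit step above can be applied and verified from PowerShell. This is an added example, not part of the original note or of any vendor tool. The registry location (the standard Internet Explorer "ActiveX Compatibility" key with a "Compatibility Flags" DWORD of 0x400) is an assumption not stated on this page, and the helper name Set-KillBit is hypothetical.

```powershell
# Added example: set and verify the Internet Explorer kill bit for the CLSID in this note.
# Run from an elevated 64-bit PowerShell prompt, after the XCP DRM software is uninstalled.
$Clsid    = '{4EA7C4C5-C5C0-4F5C-A008-8293505F71CC}'   # CLSID given in the Solution section
$KillBit  = 0x400                                       # kill-bit value in "Compatibility Flags"
$FlagName = 'Compatibility Flags'

# Assumption: standard IE kill-bit location (not stated on the page).
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if ([Environment]::Is64BitOperatingSystem) {
    # 32-bit Internet Explorer on 64-bit Windows reads the WOW6432Node view.
    $Roots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Set-KillBit {   # hypothetical helper name
    param([string]$Root, [string]$Clsid)
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }

    # Preserve any flags already present and OR in the kill bit.
    $existing = Get-ItemProperty -LiteralPath $key -Name $FlagName -ErrorAction SilentlyContinue
    $current  = if ($existing) { [int]$existing.$FlagName } else { 0 }
    New-ItemProperty -LiteralPath $key -Name $FlagName -PropertyType DWord `
        -Value ($current -bor $KillBit) -Force | Out-Null

    # Read the value back so the result reflects what is actually in the registry.
    $after = [int](Get-ItemProperty -LiteralPath $key -Name $FlagName).$FlagName
    [pscustomobject]@{
        Key        = $key
        Flags      = '0x{0:X8}' -f $after
        KillBitSet = (($after -band $KillBit) -eq $KillBit)
    }
}

$Roots | ForEach-Object { Set-KillBit -Root $_ -Clsid $Clsid } | Format-List

# Report whether the control's file is still in the location the note names.
$ocx = Join-Path $env:windir 'Downloaded Program Files\codesupport.ocx'
[pscustomobject]@{ File = $ocx; StillPresent = (Test-Path -LiteralPath $ocx) } | Format-List
```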

Systems Affected

No Information Available

References



http://hack.fi/~muzzy/sony-drm/
http://www.freedom-to-tinker.com/?p=927
http://secunia.com/advisories/17610/
http://www.osvdb.org/displayvuln.php?osvdb_id=20887
http://www.securityfocus.com/bid/15430
http://www.frsirt.com/english/advisories/2005/2454

Credit

This report has been publicly credited to Matti Nikki, with additional information provided by J. Alex Halderman and Ed Felten.

This document was written by Jeffrey Havrilla.

Other Information

Date Public: 2005-11-15
Date First Published: 2005-11-16
Date Last Updated: 2005-12-07
CERT Advisory:
CVE-ID(s): CVE-2005-3650
NVD-ID(s): CVE-2005-3650
US-CERT Technical Alerts:
Metric: 7.76
Document Revision: 21

Produced 2005 by US-CERT, a government organization