The Move Networks Quantum Streaming Player ActiveX controls contain multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Move Networks Quantum Streaming Player is an ActiveX video player for use in the Internet Explorer web browser. The Quantum Streaming Player ActiveX controls contain stack buffer overflow vulnerabilities in the Buzzer() and Play() methods.
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system with privileges of the user.
We are currently unaware of a practical solution to this problem. Please consider the following workarounds
Disable the Quantum Streaming Player ActiveX controls in Internet Explorer
This vulnerability was discovered by Will Dormann of the CERT/CC. It was also independently discovered and publicly disclosed by Parvez Anwar.
This document was written by Will Dormann.
|Date First Published:||2007-09-04|
|Date Last Updated:||2007-09-21 17:24 UTC|