Signature Detail

HTTP: Sony XCP DRM Uninstaller CLSID Access

This signature detects attempts to exploit several security vulnerabilities against Sony XCP Web-Based Uninstaller ActiveX ClassID. Attackers can exploit these vulnerabilities by crafting a malicious Web site that can add, remove, run any program on your computer, or reboot your computer.

Extended Description

First 4 Internet CodeSupport is susceptible to a remote code execution vulnerability. The CodeSupport package can be told to download, and then execute arbitrary content from remote Web sites. As it fails to verify that the source of the remote content is from a trusted source, attackers may utilize it to download and execute malicious code from arbitrary sources, facilitating the remote compromise of targeted computers.

Affected Products

• First4Internet CodeSupport

References

• BugTraq: 15430
• CVE: CVE-2005-3650
• URL: http://www.freedom-to-tinker.com/?p=927
• URL: http://hack.fi/~muzzy/sony-drm/
• URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3650