Storm video player has buffer overflow

With more and more functions of DV and digital cameras, consumers are increasingly using AV players to share and play personal life clips with their friends and family. Symantec Security Response Center recently found that in the domestic popular Chinese media player "Storm audio" has a number of buffer overflow vulnerabilities, some of which are being actively attacked. The vulnerability is related to the ActiveX control plug-in used by storm audio and video, where users can be attacked only by browsing a Web site that hides the attack code.

A successful attack would allow arbitrary code to remotely execute programs that use the ActiveX control plug-in (ie browser in this case), allowing the attacker to take full control of the compromised computer. An unsuccessful attack could result in a denial of execution, causing the browser to panic.

The vulnerability has been identified in the Storm AV 2.8 and 2.9 beta releases, and other versions are likely to be affected as well. Symantec Security Focus has released information code-named Bid 25601, which includes an interim remedy before the manufacturer provides patches. Symantec also added a heuristic detection bloodhound.exploit.160 for vulnerabilities.

Symantec reminds users that when they enjoy the joy of audio and video, and don't forget to pay attention to network security, in addition to maintaining the system, virus definition files in the latest state, more important is to upgrade the security protection level, to choose Norton Network Security Special Police, or Norton 360, such as two-way firewall and intrusion detection capabilities of security products.

Symantec provides users with the protection of the secret technology:

• Do not open links from unknown or untrusted sources

• To reduce the use of HTML e-mail, configure the e-mail client to represent the information in text form

• Run all software as an unprivileged user (non-privileged) to maintain minimum access rights

• To minimize the impact of hidden vulnerabilities, always run non-administrator software as an unprivileged user, maintaining minimal access

• Deployment of network intrusion detection systems, monitoring network traffic to prevent malicious behavior

• Deploy NIDs to monitor network traffic and monitor unusual or suspicious behavior

• Set up Web browser security detection to prevent scripting code or active content from executing

• Deploy multiple redundant layer Security detection

• Check and adjust default settings based on policy

Storm video MPS.DLL ActiveX controls multiple remote buffers overflow vulnerabilities small files:

Storm audio The ActiveX control has multiple buffer overflows that do not properly perform bounds checking for user-supplied data. A successful attack could allow a remote attacker to execute arbitrary code attacks against ActiveX control applications, especially ie. A failed exploit attempt could result in a denial of service condition.

Discovery Time: September 8, 2007

Infected version: "Storm audio" 2.8 version and "Storm Audio" 2.9 beta

Risk Level: High