As more DV and digital cameras gain video recording functions, consumers have more and more opportunities to use audio and video players to share and play personal video clips with friends and family. The popular Chinese media player "Storm audio and video" contains multiple buffer overflow vulnerabilities, some of which are being actively exploited. The vulnerabilities are in the ActiveX control plug-in used by Storm audio and video. A user only needs to browse a website that hides the attack code to be attacked.
A successful attack allows remote execution of arbitrary code in the context of the program that uses the ActiveX control plug-in (in this case, the IE browser), allowing the attacker to fully control the attacked computer. An unsuccessful attack may cause a denial of service and crash the browser.
The vulnerability has been detected in the "Storm video" 2.8 and 2.9 beta versions. Other versions may also be affected. Symantec SecurityFocus has published information under the identifier BID 25601, which includes temporary remediation practices to apply until the manufacturer provides patches. Symantec has also added a heuristic detection targeting the vulnerability, Bloodhound.Exploit.160.
Symantec reminds users not to neglect network security while enjoying audio and video. In addition to keeping the system and virus definition files up to date, Symantec also advises raising the security protection level by choosing the Norton network security expert, Norton 360 or other security products with two-way firewall and intrusion detection functions.
User protection techniques:
Do not open links from unknown or untrusted sources.
To reduce the use of HTML emails, configure the email client to present information as text.
Run all software as a non-privileged (non-Administrator) user with the minimum access permissions, to reduce the impact of hidden vulnerabilities.
Deploy a network intrusion detection system (NIDS) to monitor network traffic for malicious, abnormal or suspicious behavior.
Set web browser security to prevent the execution of script code or active content.
Deploy multiple redundant layers of security detection.
Check and adjust default settings according to policy.
Storm audio and video MPS.DLL ActiveX Control Multiple Remote Buffer Overflow Vulnerability record:
The Storm audio and video ActiveX control has multiple buffer overflow vulnerabilities because it does not correctly perform boundary checks on user data. A successful attack allows a remote attacker to execute arbitrary code in the context of applications that use the ActiveX control (especially the IE browser). Failed exploits may cause a denial of service (DoS).