Roxio CinePlayer IAManager.dll ActiveX control buffer overflow (CineplayerIamanagerBo)

Vuln ID: 50868
Risk Level: High
Platforms: Roxio CinePlayer: 3.2
Description:

Roxio CinePlayer ActiveX control (IAManager.dll) is vulnerable to a heap-based buffer overflow. By persuading a victim to visit a specially-crafted Web page that passes an overly long string to the SetIAPlayerName() method, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the victim's browser to crash.

Remedy:

No remedy available as of August 1, 2014.

False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

milw0rm.com [2009-06-01]
Roxio CinePlayer 3.2 (IAManager.dll) Remote BOF Exploit (heap spray)
http://milw0rm.com/exploits/8835

CinePlayer Web site
Sonic / Products / Consumer / CinePlayer
http://www.sonic.com/products/Consumer/CinePlayer/default.aspx

ISS X-Force
Roxio CinePlayer IAManager.dll ActiveX control buffer overflow
http://www.iss.net/security_center/static/50868.php

CVE
CVE-2009-4840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4840

