Sopcast SopCore ActiveX SetExternalPlayer() code execution (SopcastSetexternalplayerCodeExecution)

Vuln ID: 48955
Risk Level: High risk vulnerability  High SopcastSetexternalplayerCodeExecution
Platforms: SopCast SopCore ActiveX: 3.0.3.501
Description:

The Sopcast SopCore ActiveX control (sopocx.ocx) could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability using the SetExternalPlayer() insecure method to execute arbitrary code on the system with the privileges of the victim or cause the browser to crash.

Remedy:

No remedy available as of September 1, 2014.

False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

BugTraq Mailing List, Wed Feb 25 2009 - 23:56:19 CST
Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer() user assisted remote code execution poc
http://archives.neohapsis.com/archives/bugtraq/2009-02/0220.html

SopCast Web site
Free Software Download - Free P2P internet TV | live football, NBA, cricket
http://www.sopcast.org/download/

milw0rm.com [2009-03-03]
Sopcast SopCore Control (sopocx.ocx) Command Execution Exploit
http://milw0rm.com/exploits/8143

ISS X-Force
Sopcast SopCore ActiveX SetExternalPlayer() code execution
http://www.iss.net/security_center/static/48955.php

CVE CVE-2009-0811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0811


X-Force Logo
Know Your Risks
Mitre.org CVE Logo
Common Vulnerabilties & Exposures