Remote code execution in Xunlei Thunder

1) Heap-based buffer overflow

EUVDB-ID: #VU1246

Risk: Critical

CVSSv4.0: 8.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2007-6144

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to boundary error in PPlayer.XPPlayer.1 ActiveX control when handling long strings passed via FlvPlayerUrl property value. A remote attacker can create a specially crafted web page, trick the victim into visiting it, cause a heap-based buffer overflow and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Note: this vulnerability was being actively exploited.

Mitigation

Cybersecurity Help is not aware of any official solution to address this vulnerability. It is recommended to permanently remove the affected software from your system.

Vulnerable software versions

Xunlei Thunder: 5.7.4.401

CPE2.3

• cpe:2.3:a:xunlei:xunlei_thunder:5.7.4.401:*:*:*:*:*:*:*

External links

https://betanews.com/2008/05/19/ten-thousand-servers-hit-in-sql-injection-hack/
https://www.pcworld.com/article/146048/article.html
https://forums.whatthetech.com/index.php?showtopic=91131
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=50081

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.