CVE-2008-0090

Name of the Vulnerable Software and Affected Versions DivX Player version 6.6.0

Description A certain ActiveX control in npUpload.dll allows remote attackers to cause a denial of service, which can lead to an Internet Explorer 7 crash, via a long argument to the SetPassword method.

Recommendations For DivX Player version 6.6.0, consider disabling the SetPassword method as a temporary workaround until a patch is available. Restrict access to the npUpload.dll module to minimize the risk of exploitation. Avoid using long arguments in the SetPassword method until the issue is resolved.