PT-2010-2142 · Viscom · Viscom Software Movie Player Pro Sdk Activex
Published: 2010-01-18 · Updated: 2024-02-14
CVE-2010-0356
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Viscom Software Movie Player Pro SDK ActiveX version 6.8.0.0
Description
The issue is a stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control. It occurs when a long strFontName parameter is passed to the DrawText method, allowing remote attackers to execute arbitrary code.
Recommendations
For Viscom Software Movie Player Pro SDK ActiveX version 6.8.0.0, consider restricting access to the DrawText method until a patch is available, and avoid using long strings for the strFontName parameter to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Affected Products
Viscom Software Movie Player Pro Sdk Activex