Monday, September 27, 2010

Microsoft DRM Technology (msnetobj.dll) ActiveX Multiple Remote Vulnerabilities

# Vulnerability Discovered By Asheesh kumar Mani Tripathi
# Credit by Asheesh Anaconda
# Date 18th Sep 2010

# Description: Microsoft DRM technology (msnetobj.dll) ActiveX suffers from multiple remote vulnerabilities such as buffer overflow, integer overflow and denial of service (IE crash). This issue is triggered when an attacker convinces a victim user to visit a malicious website.

The "GetLicenseFromURLAsync" function does not handle input correctly. Remote attackers may exploit this issue to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers. Failed exploit attempts likely result in browser crashes.

