Thunderclap ActiveX Control Remote Code Execution Vulnerability
by cocoruder (frankruer_at_hotmail.com)
http://ruder.cdut.net
Summary:
Thunderclap (Xunlei) is a download program based on P2SP technology that is very popular in China. For more detailed information, please refer to:
http://www.xunlei.com
A remote code execution vulnerability exists in an ActiveX control of Thunderclap 5. A remote attacker can exploit it to execute arbitrary code on the attacked system with the privileges of the current browser user, and can then install trojans and spyware.
Affected Software Versions:
Thunderclap 5 (version of "DapCtrl*.dll" <= 1.5.578.28)
Details:
The vulnerability exists in the "Put()" function exported by the ActiveX control "DapCtrl*.dll". The relevant information is as follows:
InprocServer32: C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\DapCtrl1.5.578.28.483.dll
ClassID : ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8
[id(0x00000002)]
long Put([in] BSTR name, [in] VARIANT value);
If the first parameter, name, is set to certain special objects, IE memory can be corrupted. With carefully constructed repeated corruption, IE can be made to jump to a fixed address. That address can be covered using the JavaScript heap spray technique in IE, so arbitrary code can be executed reliably.
Solution:
The vendor has fixed this vulnerability in the latest version. The vendor's announcement can be found at the following address:
http://safe.xunlei.com/announce/xl08040501.html
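A host-side check for the control described above, as an added example that is not part of the original advisory or the vendor's guidance. The CLSID and the version boundary come from the advisory; the function name is hypothetical, and the script assumes the DLL's file-version resource carries the version number the advisory cites.

```powershell
# Added example, not from the advisory. CLSID and version boundary are the advisory's;
# the kill bit is the generic Internet Explorer mitigation for ActiveX controls.
$Clsid        = '{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8}'
$LastAffected = [version]'1.5.578.28'
$KillBit      = 0x400   # "Compatibility Flags" bit that stops IE loading a control

function Get-DapCtrlStatus {   # hypothetical helper name
    $status = [ordered]@{ Registered = $false; Path = $null; FileVersion = $null
                          Affected = $null; KillBitViews = @() }

    # Find the DLL through its COM registration (native view, 32-bit view, per-user).
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID',
                      'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID',
                      'HKCU:\SOFTWARE\Classes\CLSID') {
        $key = "$root\$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            $raw = (Get-Item -LiteralPath $key).GetValue('')
            $status.Registered = $true
            $status.Path = [Environment]::ExpandEnvironmentVariables("$raw").Trim('"')
            break
        }
    }

    # Assumption: the file-version resource matches the version in the advisory.
    if ($status.Path -and (Test-Path -LiteralPath $status.Path)) {
        $vi  = (Get-Item -LiteralPath $status.Path).VersionInfo
        $ver = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                              $vi.FileBuildPart, $vi.FilePrivatePart)
        $status.FileVersion = $ver
        $status.Affected    = ($ver -le $LastAffected)
    }

    # 32-bit and 64-bit IE read different registry views; list where the kill bit is set.
    foreach ($ie in 'HKLM:\SOFTWARE\Microsoft\Internet Explorer',
                    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer') {
        $kb    = "$ie\ActiveX Compatibility\$Clsid"
        $flags = (Get-ItemProperty -LiteralPath $kb `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
        if ($flags -band $KillBit) { $status.KillBitViews += $kb }
    }
    [pscustomobject]$status
}

Get-DapCtrlStatus | Format-List
```

A host that reports Affected as True and an empty KillBitViews list still exposes the control to web content in IE. Until it is updated, the control can be blocked by creating the listed "ActiveX Compatibility" key for this CLSID with a "Compatibility Flags" DWORD of 0x400.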
Disclosure Timeline:
2008.04.18 Vendor notified
2008.04.18 Vendor responded
2008.04.29 (before) The vulnerability was silently fixed in the latest version
2008.04.29 On inquiry, was told that pushing the patch would take about one and a half months (!?)
2008.06.13 Vendor released its announcement
2008.06.13 Advisory released
--EOF--