|
|
|  |
|
|
|
|
F-Secure Malware Information Pages: Exploit:HTML/IESlice.BK

|
|
|
| Radar |
 |
|
|
|
Summary
|
Exploit:HTML/IESlice.BK exploits a vulnerability in an ActiveX control used by Xunlei Thunder 5.7.4.401.
Malicious or compromised websites use the exploit to download and execute arbitrary code. |
|
|
|
Detailed Description
|
Exploit:HTML/IESlice.BK is a script that exploits a heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control used by the pplayer.dll_1_work DLL of Xunlei Thunder 5.7.4.401.
Sucessful exploitation allows the attacker to download and execute arbitrary code on the victim's computer. Exploitation is done via a malicious webpage containing the detected script. This vulnerability is under review as CVE-2007-6144.
Exploit:HTML/IESlice.BK will attempt to download a file from the following URL and execute it: The URL was inactive during investigations. |
|
|
|
F-Secure Corporation |
|
|
|
|
|
Last Modified: April 29, 2008
|
|
|
|
|