Sunday, September 23, 2007

0-day ITW... but relax

Hi folks,

Today we've found a 0-day ITW, but it's probably not going to affect too many people, so it's not a huge worry.

The issue is a buffer overflow in the PowerPlayer.dll ActiveX control in PPStream, CVE reference CVE-2007-4748. PPStream is a Chinese P2P video streaming application. As far as we know, there is no English version, but it probably won't affect too many people outside China.

It shows that the Bad Guys are still thinking and watching.

By the way, they teased us a bit because they also had an exploit named ms07-042, which would have been much more "interesting", but when we decrypted it, it turned out to just be another VML.





Post a Comment

<< Home