Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3650

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2005-3650
Last Modified 07 Mar 2011 12:00:00
Published 17 Nov 2005 06:02:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3650

Summary

The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has "safe for scripting" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode.

Vulnerable Systems

Application

  • First4internet Xcp Drm


References

CERT-VN - VU#312073

XF - first4internet-xcp-sony-gain-access(23063)

VUPEN - ADV-2005-2454

BID - 15430

OSVDB - 20887

MISC - http://www.freedom-to-tinker.com/?p=927

SECUNIA - 17610

MISC - http://hack.fi/~muzzy/sony-drm/


Last Updated: 27 May 2016 10:41:00