PPStream is a multimedia player used widely throughout Asia, as in hundreds of millions of users. As such, it is interesting when crashes for widely used client-side software are reported as “exploitable” on various blogs and PoC sites.

According to the post, the reportedly vulnerable ActiveX component is MList.ocx, and it appears to maintain a heap overflow condition. The author had not released a workable exploit, and there appears to be no ThreatFire community reports for the component. Its exploitability is being discussed on full disclosure lists and various other forums:
“PPStream is the most huge p2p media player in the world. There are two hundred million ppstream users in the world. The vulnerability is exploitable,but I have no time to make it,you could visit my blog for detail.^@^ ”

So it appears to be a work in progress. If it is exploitable for such widely used software, it is strange that this one did not hit the underground market first and it has not been added to known exploit packs and kits. If you are using PPStream, be wary of the sites that you stream until you patch.

This entry was posted on Friday, September 4th, 2009 at 9:40 am and is filed under 0day, Notification. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.