The most common vulnerabilities used by malevolent URLs in China
Tuesday March 31, 2009 at 5:59 am CST
Posted by Yang Zhang
Everyday there are thousands of websites that have been injected with malicious code and there are millions of hosts that have been infected by malware from these malevolent URLs. The main vulnerabilities lately are Windows-based as well as third-party application issues. This blog will introduce the most common vulnerabilities used by malevolent URLs in China throughout 2008.
1. BaoFeng2 Storm
BaoFeng2 Storm is the most powerful media player used in China. The software supports multiple media formats, and its features are easy-to-use, as well as free. Multiple buffer overflow in Baofeng2 Storm allow for the downloading and execution of files. CVE Number is CVE-2007-4816.
Reference:
http://www.baofeng.com/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4816
2. Baidu Soba
Baidu Soba is a search bar for the Internet that is integrated with a powerful MP3 search, web page search, flash search and so on. Vulnerabilities in the BaiduBar.dll in Baidu Soba have allowed for the download and execution of files via a specific link. According to the vulnerability description, the vulnerability exists in versions prior to version 5.4. CVE Number is CVE-2007-4105.
Reference:
http://bar.baidu.com
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4105
3. Xunlei Web
Xunlei Web is downloader software. Its GUI control is very browser-like. It’s important to note that people can find more and more valuable resources to download via Xunlei Web, so Xunlei Web has a great deal of customers. Buffer overflows in Xunlei Web before version 5.6.3.44 can execute arbitrary code with the vulnerability. CVE Number is CVE-2007-5064.
Reference:
http://dl.xunlei.com/index.htm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5064
4. PPStream
PPStream is IPTV software base on p2p streaming techniques. It’s very popular in China. Buffer overflows in the PowerPlayer.dll in PPStream before version 2.0.1.3829 allow for the execution of arbitrary code via the vulnerability. Its CVE number is CVE-2007-4748.
Reference:
http://www.ppstream.com
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4748
5. OurGame Chat
OurGame is a kind of free game. It is a gaming platform that covers all the related fields and areas of network games. It has a category of nearly one hundred species of games, including Card games, leisure games, large-scale network and so on. Buffer overflows in the GLChat.ocx of the OurGame Chat module in the ConnectAndEnterRoom() method allows for the execution arbitrary code. Its CVE number is CVE-2007-5722.
Reference:
http://www.ourgame.com
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5722
6. Ultra Star Reader
Ultra Star Reader is an e-book reader tool. It’s similar to a PDF reader. Buffer overflows in the Ultra Star Reader allows for execution of arbitrary code via the vulnerability. Its CVE number is CVE-2007-5807.
Reference:
http://www.ssreader.com
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5807
7. JetAudio
JetAudio is media player with sound-effect enhancing functionality. Vulnerabilities in the JetFlExt.dll in JetAudio version 7.0.3 allows for the overwriting of arbitrary local files. Attackers can drop malware on a system via this vulnerability. Its CVE number is CVE-2007-4983.
Reference:
http://www.jetaudio.com
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4983
8. Xunlei Thunder
Xunlei Thunder is free downloader software. It supports multiple download protocols such as http, ftp and bit torrent. Buffer overflows in the pplayer.dll in Xunlei Thunder allow for the execution of arbitrary code. Its CVE number is CVE-2007-6144.
Reference:
http://www.xunlei.com
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6144