Re: [Full-disclosure] PPStream PPSMediaList Activex 0day exploit
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] PPStream PPSMediaList Activex 0day exploit
- From: Rohit Patnaik <quanticle@xxxxxxxxx>
- Date: Thu, 03 Sep 2009 10:26:15 -0500
There isn't exactly a whole lot of detail here. All you've got posted on
your blog are two screenshots of the PPStream call stack after a crash.
There's no detail about what input causes the crash, nor any other
details about how to make it exploitable. At present, it's not even
clear (beyond your word, of course) that the vulnerability even *is*
exploitable. With more detail, it'd be easier to analyze this
vulnerability and propose a fix to the developers of this application.
Thanks,
Rohit Patnaik
expose 0day wrote:
> ******************************************************************************
> PPStream is the largest p2p media player in the world.
> There are two hundred million ppstream users in the world.
> The vulnerability is exploitable, but I have no time to make it, you
> could visit my blog for detail.^@^
> welcome to http://0dayexpose.blogspot.com/
>
>
> COM Object - {D22DE742-04CD-4B5C-A8A3-82AB3DAEC43D} PPSMediaList Control
> COM Object Filename : C:\PROGRA~1\PPStream\MList.ocx
> RegKey Safe for Script: True
> RegKey Safe for Init: True
> KillBitSet: False
> Company Name : PPStream Inc.
> Version : V2.6.86.8900
> Web Site : http://www.ppstream.com
> *******************************************************************************
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/