Reported PPStream 0day? Exploitable or just a crash?

PPStream is a multimedia player used widely throughout Asia, as in hundreds of millions of users. As such, it is interesting when crashes for widely used client-side software are reported as “exploitable” on various blogs and PoC sites.

According to the post, the reportedly vulnerable ActiveX component is MList.ocx, and it appears to maintain a heap overflow condition. The author had not released a workable exploit, and there appears to be no ThreatFire community reports for the component. Its exploitability is being discussed on full disclosure lists and various other forums:
“PPStream is the most huge p2p media player in the world. There are two hundred million ppstream users in the world. The vulnerability is exploitable,but I have no time to make it,you could visit my blog for detail.^@^ ”

So it appears to be a work in progress. If it is exploitable for such widely used software, it is strange that this one did not hit the underground market first and it has not been added to known exploit packs and kits. If you are using PPStream, be wary of the sites that you stream until you patch.

This entry was posted in Malware Alerts. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>