CVE-2005-3650 Information

Description

The CodeSupport.ocx ActiveX control as used by Sony to uninstall the First4Internet XCP DRM has \safe for scripting\ enabled which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine IsAdministrator and ExecuteCode.

Reference

http://hack.fi/~muzzy/sony-drm/ http://secunia.com/advisories/17610 http://www.freedom-to-tinker.com/?p=927 http://www.kb.cert.org/vuls/id/312073 http://www.osvdb.org/20887 http://www.securityfocus.com/bid/15430 http://www.vupen.com/english/advisories/2005/2454 https://exchange.xforce.ibmcloud.com/vulnerabilities/23063