Vulnerability Description
The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has "safe for scripting" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| First4Internet Xcp Drm | First4Internet Xcp Drm | All versions |
Related Weaknesses (CWE)
References
- http://hack.fi/~muzzy/sony-drm/
- http://secunia.com/advisories/17610Vendor Advisory
- http://www.freedom-to-tinker.com/?p=927
- http://www.kb.cert.org/vuls/id/312073Third Party AdvisoryUS Government Resource
- http://www.osvdb.org/20887
- http://www.securityfocus.com/bid/15430
- http://www.vupen.com/english/advisories/2005/2454Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23063
- http://hack.fi/~muzzy/sony-drm/
- http://secunia.com/advisories/17610Vendor Advisory
- http://www.freedom-to-tinker.com/?p=927
- http://www.kb.cert.org/vuls/id/312073Third Party AdvisoryUS Government Resource
- http://www.osvdb.org/20887
- http://www.securityfocus.com/bid/15430
- http://www.vupen.com/english/advisories/2005/2454Vendor Advisory
FAQ
What is CVE-2005-3650?
CVE-2005-3650 is a vulnerability with a CVSS score of 9.3 (HIGH). The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has "safe for scripting" enabled, which allows remote attackers to execute arbitrary code by calling vulne...
How severe is CVE-2005-3650?
CVE-2005-3650 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3650?
Check the references section above for vendor advisories and patch information. Affected products include: First4Internet Xcp Drm First4Internet Xcp Drm.