Creative Software AutoUpdate Engine Vulnerable to ActiveX Control Fault
A critical vulnerability in the Creative Software automatic update engine could put Windows computers in danger of arbitrary code execution from a remote place, according to an alert from the US-CERT (United States Computer Emergency Readiness Team), as reported by ZDNet on May 27, 2008.
The US-CERT officials said that an ActiveX bug haunts the Creative Labs AutoUpdate system. The flaw harms the software that helps to supply updates to Creative Labs' video-audio amusement product line that includes the widely accessed Zen MP3 player line.
eEye Digital Security, the company that reported the bug, disclosed that a proof-of-concept is posted on an exploit site established for public access. An ActiveX control of the Create Software AutoUpdate Engine is marked Safe for Initializ...
» SPAMfighter News - 17-06-2008