• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

COWON America jetAudio JetFlExt.dll ActiveX Control Insecure Method Vulnerability

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. The exploit is not otherwise publicly available or known to be circulating in the wild.

To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted webpage.

UPDATE (August 11, 2008): Symantec has detected active exploit attempts in the wild.

Sample exploit code is available:

• /data/vulnerabilities/exploits/jetAudio_insecure_method.html