SOHU Digital Channel Web Site Compromised with Xunlei Thunder DapPlayer Exploit

Websense Security Labs ThreatSeeker Network discovered that the SOHU Digital Channel Web site was compromised with a Xunlei Thunder DapPlayer Exploit that can lead to downloading and executing an Autorun worm that steals users’ online game account information.

SOHU is one of the biggest portals in China, with an Alexa rank of 43. It mainly offers advertising, search engines, and online multiplayer gaming. Xunlei is one of the most popular download managers and BitTorrent clients, and it also offers free media for download. Its main site also has a relatively high Alexa rank of 126.

According to Secunia, the vulnerability is caused by a boundary error in the DPClient.Vod.1 ActiveX control (DapPlayer_Now.dll) when it is handling arguments passed to the "DownURL2()" method. This can be exploited to cause a buffer overflow by passing an overly long argument to the affected method. Successful exploitation allows execution of arbitrary code.
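A triage check for the pattern described above, as an added example that is not Websense's or Secunia's code: it flags page content that references the `DPClient.Vod.1` ProgID and calls `DownURL2()` with a long or computed argument. The 512-character threshold, the name `scan_page`, and the sample markup are assumptions made for illustration.

```python
import re

PROGID = "dpclient.vod.1"   # ProgID named in the advisory, lower-cased
METHOD = "DownURL2"         # affected method named in the advisory
MAX_ARG_LEN = 512           # assumed triage threshold, not a vendor limit

# "DPClient" + ".Vod.1" -> "DPClient.Vod.1", so split names still match.
_CONCAT = re.compile(r"""(["'])\s*\+\s*\1""")
# Method call; the argument text ends at the first ")", a known simplification.
_CALL = re.compile(r"\.\s*" + METHOD + r"\s*\(([^)]*)\)", re.IGNORECASE)
_LITERAL = re.compile(r"""(["'])(.*?)\1""", re.DOTALL)


def scan_page(html, max_arg_len=MAX_ARG_LEN):
    """Triage one page body for use of the vulnerable control and method."""
    text = _CONCAT.sub("", html)
    uses_control = PROGID in text.lower()
    calls = _CALL.findall(text)
    longest, computed = 0, False
    for args in calls:
        for match in _LITERAL.finditer(args):
            longest = max(longest, len(match.group(2)))
        # Anything left after removing literals is a variable or function
        # result whose length cannot be judged statically.
        if _LITERAL.sub("", args).replace(",", "").strip():
            computed = True
    if uses_control and calls and (longest > max_arg_len or computed):
        verdict = "suspicious"
    elif uses_control or calls:
        verdict = "review"
    else:
        verdict = "clean"
    return {"uses_control": uses_control, "calls": len(calls),
            "longest_literal": longest, "computed_arg": computed,
            "verdict": verdict}


# Constructed sample markup; build_arg is a hypothetical page function.
SAMPLE = """<script>
var player = new ActiveXObject("DPClient" + ".Vod.1");
player.DownURL2(build_arg());
</script>"""

if __name__ == "__main__":
    print(scan_page(SAMPLE))
```

A "review" verdict is expected on legitimate pages that use the control with a short literal URL; script that assembles the ProgID or method name at run time in other ways will not match this static check.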

Details with screenshots are available at http://securitylabs.websense.com/content/Blogs/3539.aspx
