CR64Loader.ActiveX.Object.Access

description-logoDescription

The Retro64 CR64Loader ActiveX control is prone to a remote buffer-overflow vulnerability that allow a remote attacker to cause a denial of service or execute arbitrary commandby tricking a user into visiting a specially crafted web page.
The vulnerable control was distributed in the past by retro64.com and miniclip.com, but is reportedly no longer in use. Users who have previously installed this software may be vulnerable to this issue.

affected-products-logoAffected Products

Retro64 / Miniclip CR64Loader ActiveX Control

Impact logoImpact

Gain Access

recomended-action-logoRecommended Actions

The CR64Loader ActiveX control can be disabled by setting a kill bit for CLSID {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} :
http://support.microsoft.com/kb/240797

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

1