mers2
Premium,MVM
join:2004-03-20
USA
clubs:
 ·AT&T U-Verse
| Heads Up - Flaw for Viewpoint Media Player Posted. »blogs.zdnet.com/security/?p=636
» Exploit posted for Viewpoint Media Player flaw
Exploit posted for Viewpoint Media Player flaw
08:33AM Thursday Nov 08 2007 by lilhurricane
Tipped by TheJoker See Profile
Ryan Naraine
Exploit code for an unpatched vulnerability in the widely distributed Viewpoint Media Player has been posted on the Internet, putting millions of Internet Explorer users at risk of code execution attacks.
The exploit, available at Milw0rm.com, takes advantage of a stack-based buffer overflow in the Viewpoint browser plug-in that sits on millions of computers thanks to bundling deals with AOL, AIM, Netscape and Adobe.
--
Team Discovery
| |
|
 |
KachiWachi
join:2004-02-12
PA, USA
| There used to be a way to find out what version of Viewpoint you had installed (some fancy keystrokes when you got to their webpage).
I forget what they are. 
Does this "command" still exist?
Thanks. | |
|
 | |
| | 
planet
join:2001-11-05
Olmsted Falls, OH | Re: Heads Up - Flaw for Viewpoint Media Player Posted. Thanks. Got Viewpoint on 2 of my computers. Never use it. Uninstalled it. | |
|
| | |
KachiWachi
join:2004-02-12
PA, USA
| Re: Heads Up - Flaw for Viewpoint Media Player Posted. I found the command string. 
"Viewpoint Support sez -
Cntl + Alt + Shift + Left Click on the content that requires the VMP. A window should appear that tells you all of the components you have, and what version they are."
Test page - »www.viewpoint.com/technologies/v···eo.shtml
Click on one of the "balls" below the text that says - "Viewpoint Media Player Features - Click to View Features Below"
Thanks. | |
|
|
| |
| |
redwolfe_98
join:2001-06-11 | viewpoint has always been bundled with AOL, at least up until the recent new version of AOL.. i don't know if viewpoint is bundled with the new version of AOL, or not.. | |
|
|
KachiWachi
join:2004-02-12
PA, USA | Re: Heads Up - Flaw for Viewpoint Media Player Posted. @redwolfe_98 -
It is...as far as AIM is concerned (check the developer link I posted above). | |
|
| |
mers2
Premium,MVM
join:2004-03-20
USA
clubs:
·AT&T U-Verse
| Re: Heads Up - Flaw for Viewpoint Media Player Posted. said by KachiWachi  :@redwolfe_98 - It is...as far as AIM is concerned (check the developer link I posted above). It looks like it's also installed with AIM, which will affect a lot of people. I wonder if AOL also packaged it with their new release of Netscape? I don't see it on the list and don't use it, but it used to be packaged in the older versions.
--
Team Discovery
| |
|
Libra
Premium
join:2003-08-06
USA
| I have viewpoint media on both computers, and the XP has
AxMetaStream.dll v3.2.2.26  . AOL is on the computer. Does anyone know what will be broken if I remove viewpoint media?
(I'm not aware of using it, but I guess it just loads?)
Also, I went to Kachi's test page with the Seamonkey browser on both computers and it said I needed Viewpoint to view the page, so it's not in Seamonkey.
Thanks.
Sincerely, Libra | |
|
|
KachiWachi
join:2004-02-12
PA, USA | Re: Heads Up - Flaw for Viewpoint Media Player Posted. IIRC, if you uninstall the VMP, it will re-install itself when AOL/AIM is launched...but don't quote me on this.
Thanks. | |
|
| | Libra
Premium
join:2003-08-06
USA
| Re: Heads Up - Flaw for Viewpoint Media Player Posted. Hi Kachi,
In a search I found that with AOL, AIM etc. you have to shut them down first. As far as AOL is concerned, it said to remove VMP from add/remove, then go into AOL Program files and in the jiti folder delete the VMP.exe. I haven't tried this. I don't know what it will break in AOL and I don't want to mess up my daughter's AOL.
Is there a way to tell when this VMP is being used?
At the VMP site they mention a VMP Control Panel in Control Panel - but I don't have that either.
Thanks.
Sincerely, Libra | |
|
| | |
planet
join:2001-11-05
Olmsted Falls, OH
 ·Cox HSI
| Re: Heads Up - Flaw for Viewpoint Media Player Posted. quote:
if you uninstall the VMP, it will re-install itself when AOL/AIM is launched...but don't quote me on this.
I checked my daughter's laptop after uninstalling VMP. She uses AIM and VMP hasn't reinstalled itself; she is using a limited account. I uninstalled VMP with the admin account. Not sure if that would effect things or not. | |
|
| | | | Libra
Premium
join:2003-08-06
USA | Re: Heads Up - Flaw for Viewpoint Media Player Posted. Thanks planet. I found out that VMP has to do with superbuddies and IM wallpaper, etc. in the AOL client. I'll leave it be. Hopefully since it's run in a limited account it won't cause problems.
Sincerely, Libra | |
|
| | | | | |
| | | | | |
mers2
Premium,MVM
join:2004-03-20
USA
clubs: | Re: Heads Up - Flaw for Viewpoint Media Player Posted. If I had this program - and I don't - this information would have it gone within 2 minutes. This is typical of AOL, which is why I don't use any of their products.
--
Team Discovery
| |
|
|
|
|
Re: Heads Up - Flaw for Viewpoint Media Player Posted.