CVE-2005-3650
First4Internet XCP DRM - Remote Code Execution via CodeSupport.ocx ActiveX Control
The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has "safe for scripting" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode.
References (8)
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17610
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2454
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/20887
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/312073
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15430
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23063
Various Sources x_refsource_misc
http://www.freedom-to-tinker.com/?p=927
Various Sources x_refsource_misc
http://hack.fi/~muzzy/sony-drm/
Scores
EPSS
0.0631
EPSS Percentile
92.8%
Details
CWE
CWE-94
Status
published
Products (1)
first4internet_xcp_drm/first4internet_xcp_drm
Published
Nov 17, 2005
Tracked Since
Feb 18, 2026