CVE-2005-3650

First4Internet XCP DRM - Remote Code Execution via CodeSupport.ocx ActiveX Control

Title source: llm

Description

The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has "safe for scripting" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode.

References (8)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17610
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2454
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20887
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/312073
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15430
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23063
Various Sources x_refsource_misc
http://www.freedom-to-tinker.com/?p=927
Various Sources x_refsource_misc
http://hack.fi/~muzzy/sony-drm/

Scores

EPSS 0.0631
EPSS Percentile 92.8%

Details

CWE
CWE-94
Status published
Products (1)
first4internet_xcp_drm/first4internet_xcp_drm
Published Nov 17, 2005
Tracked Since Feb 18, 2026