ActiveX control bug bites Creative Labs AutoUpdate engine


A high-severity security flaw in the Creative Software automatic update engine could put Windows computers at risk of remote code execution attacks, according to a warning from the US-CERT (Computer Emergency Readiness Team).

The vulnerability affects the software used to provide updates to Creative Labs' audio/video entertainment product line, which includes the popular Zen MP3 player line.

The most important line in the US-CERT advisory is this one: "We are currently unaware of a practical solution to this problem."

eEye Digital Security, the company credited with reporting the bug, says a proof-of-concept is available on a public exploit site.

Vulnerability description:

The Creative Software AutoUpdate Engine ActiveX control is a component that provides automatic update capabilities to Creative Labs software. The control is provided by the file CTSUEng.ocx. It is marked Safe For Scripting and Safe For Initialization, which means that any web page loaded in Internet Explorer can instantiate the control and set its properties. The control contains a stack buffer overflow in the CacheFolder property.

A successful attack allows remote code execution in the context of the logged-in user. eEye warns that ActiveX remote code execution vulnerabilities have very high impact, since the malicious payload can be served by any site on the Internet.

The problem is worse when users are administrators on their local hosts, since the payload then runs with Administrator privileges.

Mitigation: In the absence of a patch, the best available mitigation is to set the kill bit for the CLSID of the buggy ActiveX control, {0A5FD7C5-A45C-49FC-ADB5-9952547D5715}, which stops Internet Explorer from instantiating the control no matter which page asks for it. Instructions are in Microsoft's knowledge base article on setting the kill bit for an ActiveX control. Note that the kill bit also blocks any legitimate use of the control from a web page until a fixed version replaces it.
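The two registry facts behind the description and the mitigation above are worth checking by hand on a fleet: a control is statically "Safe For Scripting" / "Safe For Initialization" when its CLSID is registered under the two standard component-category GUIDs in HKCR\CLSID\{clsid}\Implemented Categories, and the kill bit is the 0x400 bit of the "Compatibility Flags" DWORD under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{clsid}. The Python below is an added example, not code from the article, US-CERT, eEye or Creative: it generates the .reg fragment that sets the kill bit for the CTSUEng.ocx CLSID and audits a registry export to report whether a control is marked safe and whether the kill bit is present. The export text is constructed (the display name is made up), and the script reads already-decoded text, so a real `reg export` file (UTF-16) must be decoded first. One caveat the check cannot cover: a control may answer IObjectSafety at run time instead of registering the categories, so a clean category result does not by itself prove a control is unscriptable.

```python
"""Kill-bit helper and registry audit for an ActiveX control (added example)."""
import re

KILL_BIT = 0x400  # Compatibility Flags bit that stops IE from loading the control
# Standard component-category GUIDs under HKCR\CLSID\{clsid}\Implemented Categories
CAT_SAFE_FOR_SCRIPTING = "{7DD95801-9882-11CF-9FA9-00AA006C42C4}"
CAT_SAFE_FOR_INIT = "{7DD95802-9882-11CF-9FA9-00AA006C42C4}"
CTSUENG_CLSID = "{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}"  # CLSID from the advisory
COMPAT_KEY = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\"


def kill_bit_reg(clsid):
    """Return .reg text that sets the kill bit for clsid (import with regedit or reg.exe)."""
    return ("Windows Registry Editor Version 5.00\r\n\r\n"
            "[" + COMPAT_KEY + clsid + "]\r\n"
            '"Compatibility Flags"=dword:00000400\r\n')


def parse_reg(text):
    """Parse decoded .reg text into {key_path: {value_name: value}}.
    dword values become int, quoted strings become str, other types stay raw."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if not m or current is None:
            continue
        name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
        raw = m.group(2)
        if raw.lower().startswith("dword:"):
            value = int(raw[6:], 16)
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
        else:
            value = raw
        keys[current][name] = value
    return keys


def safety_categories(keys, clsid):
    """Static Safe-for-* registration of clsid (run-time IObjectSafety is not visible here)."""
    base = ("HKEY_CLASSES_ROOT\\CLSID\\" + clsid + "\\Implemented Categories\\").upper()
    cats = {k.upper()[len(base):] for k in keys if k.upper().startswith(base)}
    return {"scripting": CAT_SAFE_FOR_SCRIPTING in cats, "init": CAT_SAFE_FOR_INIT in cats}


def kill_bit_set(keys, clsid):
    """True if the Compatibility Flags value for clsid carries the 0x400 kill bit."""
    target = (COMPAT_KEY + clsid).upper()
    for path, values in keys.items():
        if path.upper() == target:
            flags = values.get("Compatibility Flags", 0)
            return isinstance(flags, int) and bool(flags & KILL_BIT)
    return False


def audit(reg_text, clsid):
    """Summarise whether a web page in IE can still script the control."""
    keys = parse_reg(reg_text)
    cats = safety_categories(keys, clsid)
    killed = kill_bit_set(keys, clsid)
    return {"safe_for_scripting": cats["scripting"],
            "safe_for_init": cats["init"],
            "kill_bit": killed,
            "exposed_to_web": (cats["scripting"] or cats["init"]) and not killed}


# Constructed export: the CLSID registered in both safety categories and no
# ActiveX Compatibility entry yet.  The display name is made up for the example.
SAMPLE_EXPORT = "\r\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[HKEY_CLASSES_ROOT\\CLSID\\" + CTSUENG_CLSID + "]",
    '@="Creative Software AutoUpdate Engine"',
    "",
    "[HKEY_CLASSES_ROOT\\CLSID\\" + CTSUENG_CLSID + "\\Implemented Categories\\" + CAT_SAFE_FOR_SCRIPTING + "]",
    "",
    "[HKEY_CLASSES_ROOT\\CLSID\\" + CTSUENG_CLSID + "\\Implemented Categories\\" + CAT_SAFE_FOR_INIT + "]",
    "",
])

if __name__ == "__main__":
    print("before kill bit:", audit(SAMPLE_EXPORT, CTSUENG_CLSID))
    print("after kill bit: ", audit(SAMPLE_EXPORT + kill_bit_reg(CTSUENG_CLSID), CTSUENG_CLSID))
```

Run against a real export, `audit` flags the control as exposed when it is registered safe-for-scripting and no kill bit is present; appending the output of `kill_bit_reg` (or importing it on the host) flips `exposed_to_web` to false. Values other than `dword:` and plain strings are kept raw, so a `hex(...)`-encoded Compatibility Flags value would be reported as not killed rather than misread.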

It's important to note that the Creative Labs AutoUpdate Engine ActiveX control ships by default with the software for many hardware devices that Creative Labs distributes. The hardware and software products listed below depend on the vulnerable control for updates:

Sound cards: Audigy, Audigy 2, Audigy 2 LS, Audigy 2 NX, Audigy 2 Platinum, Audigy 2 Platinum eX, Audigy 2 Value, Audigy 2 ZS, Audigy 2 ZS Gamer, Audigy 2 ZS Notebook, Audigy 2 ZS Platinum, Audigy 2 ZS Platinum Pro, Audigy 2 ZS Video Editor, Audigy 4 Pro, Audigy Gamer, Audigy LS, Audigy MP3+, Audigy Platinum, Audigy Platinum eX, Live! 24-bit, Live! 24-bit External, Live! 5.1, Live! 5.1 Digital (Dell), Live! ADVANCED MB, MP3 +, Sound Blaster Audigy 2 ZS Digital Audio, Sound Blaster Audigy ADVANCED MB, Sound Blaster X-Fi Fatal1ty, Wireless Music, X-Fi Elite Pro, X-Fi Platinum, X-Fi XtremeMusic

USB Sound Blaster: Audigy 2 NX, MP3 +

Portable Audio: MuVo, MuVo NX, MuVo Slim, MuVo TX, MuVo TX FM, MuVo² X-Trainer, MuVo², MuVo² FM, NOMAD II 32MB, NOMAD II MG, NOMAD IIc, NOMAD Jukebox 3, NOMAD Jukebox ZEN, Rhomba

Portable Media Players: ZEN Portable Media Center, ZEN Vision 30GB

MP3 Players: MuVo, MuVo 2.0 / MuVo Mix, MuVo Micro, MuVo NX, MuVo Slim, MuVo Sport C100, MuVo TX, MuVo TX FM, MuVo² X-Trainer, MuVo², MuVo² FM, NOMAD II 32MB, NOMAD II MG, NOMAD II MG Limited Edition, NOMAD IIc, NOMAD JukeBox, NOMAD Jukebox 10GB, NOMAD Jukebox 2, NOMAD Jukebox 3, NOMAD Jukebox C, NOMAD Jukebox ZEN, NOMAD Jukebox ZEN NX, NOMAD Jukebox ZEN USB 2.0, Rhomba, ZEN 20GB, ZEN Micro, ZEN Nano 512MB, ZEN Nano Plus, ZEN Neeon 5GB/6GB, ZEN Portable Media Center, ZEN Sleek, ZEN Touch, ZEN Vision 30GB, ZEN Xtra

Web Cameras: Creative PC-CAM 900, Creative WebCam Vista, Game Star, Live! Ultra for Notebooks, PC-CAM 880, WebCam Instant, WebCam Live!, WebCam Live! Pro, WebCam Live! Ultra, WebCam Notebook, WebCam NX, WebCam NX Pro, WebCam NX Ultra, WebCam Vista

Video: Audigy 2 ZS Video Editor

Wireless: Wireless Music

Notebook Products: Audigy 2 NX, Audigy 2 ZS Notebook, Live! 24-bit External, Live! Ultra for Notebooks, MP3 +, WebCam Notebook

Topics: Security, Software Development

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
