Security issues found in Sony's XCP uninstaller:

http://secunia.com/advisories/17610/
Sony CD First4Internet XCP Uninstallation ActiveX Control Vulnerability

Secunia Advisory: SA17610 Print Advisory
Release Date: 2005-11-16

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: First4Internet XCP Content Management

Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.

Description:
A vulnerability has been reported in First4Internet XCP's uninstallation ActiveX control, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the "CodeSupport.ocx" ActiveX control that is installed via Internet Explorer when the user un-installs the XCP DRM software by visiting the vendor's website. The ActiveX control is marked safe-for-scripting and supports several potentially dangerous methods like "RebootMachine", "InstallUpdate", and "IsAdministrator". This may be exploited to install arbitrary code on the user's system.

Successful exploitation requires that the user visits a malicious website.

The vulnerability is related to:
SA17408

Solution:
Remove the ActiveX control from the system if it is installed.

Provided and/or discovered by:
Muzzy, J. Alex Halderman, and Ed Felten.

Original Advisory:
http://www.freedom-to-tinker.com/?p=927
http://hack.fi/~muzzy/sony-drm/

Other References:
SA17408:
http://secunia.com/advisories/17408/

http://www.gotapex.com/forums/showthread.php?t=93369

The cure is worse than the poison it seems.

Oh that's just great. Tell me again why people should by CDs instead of just downloading mp3s? :eek2:

Oh that's just great. Tell me again why people should by CDs instead of just downloading mp3s? :eek2:

:agree:

please oh please let Sony burn to the ground because of this. Let it be a lesson to those damned DRM purveyors who think consumers will bend backwards for their IP.