The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has "safe for scripting" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode.
Sony CD First4Internet XCP Uninstallation CodeSupport.ocx ActiveX Control Arbitrary Code Execution
Remote / Network Access
Loss of Integrity
Unknown or Incomplete
Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability. The MS05-054 cumulative update sets the kill bit on the First4Internet XCP Uninstallation ActiveX control.