Denial of Service Vulnerability in DivX player
Hi,
I received an alarming email from a client that had visited our Joomla web site. He was denied access to viewing our site due to a reported Denial of Service Vulnerability found in the - DivX player as reported below.
Is anyone aware of this vulnerability and how we can go about fixing it?
I look forward to your comments.
Thank you.
2010-01-19 14:18:27 HTTP-Clients HQ-is email Policy Name: HTTP-proxy-00 Action: ProxyBlock: Reason: HTTP Body IPS match Source IP: 10.**.*.** Source Port: 1496 Destination IP: ***.***.***.4 Destination Port: 80 ips_msg: DivX Web Player 1.3.0 (npdivx32.dll) Resize method Denial of Service signature_id: ED-38085 threat_level: 100 signature_cat: http-client host: www.website.com path: /plugins/system/jceutilities/js/jceutilities.js?v=222 proc_id="http" time="Tue Jan 19 14:18:27 2010 (CST)"
I'm not familiar with the IDS in use here, but as far as I can tell this user is behind a web proxy which is simply doing some filtering and it's unlikely that any exploit has occurred - particularly if you run the Joomla site and you know it is sanitary. The IDS is warning about a vulnerability in DivX Web Player 1.3.0. It's likely that it simply sees the player identifying itself as it connects to the server and decides to block connections thereafter. That version of DivX Web Player is very, very old. You may want to propose to your client that they upgrade to a later version of DivX Web Player.
We're currently shipping 2.0, but the most stable upgrade path at this time is probably 1.5, which you can find here.