ActiveX Vulnerabilities in CinePlayer and InterActual Player

Secunia and CERT have released advisories regarding flaws in the above InterActual products. The flaw is specifically in IASystemInfo.dll, and the CERT post was nice enough to list the CLSIDs to set the killbits on. While these are by no means widespread products, it's worth noting that at this time there are no patches for the vulnerabilities.

This issue has been assigned CVE-2007-0348.