Orbit Downloader URL Processing Buffer Overflow Vulnerability - Security


Editor Login \| Register		Ekle

> World > Security

Orbit Downloader URL Processing Buffer Overflow Vulnerability - Security - World -

CWRedLight

(Date : 04.04.2008 17:12:17)

Orbit Downloader URL Processing Buffer Overflow Vulnerability

Secunia Advisory:	SA29669
Release Date:	2008-04-04

Critical:	Highly critical
Impact:	System access
Where:	From remote
Solution Status:	Vendor Patch

Software:	Orbit Downloader 2.x

CVE reference:	CVE-2008-1602 (Secunia mirror)

Description:
Diego Juarez has reported a vulnerability in Orbit Downloader, which potentially can be exploited by malicious people to compromise a user"s system.

The vulnerability is caused due to a boundary error when converting processed URLs from ASCII to Unicode encoding. This can be exploited to cause a stack-based buffer overflow via an invalid URL longer than 4096 bytes.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions 2.6.3 and 2.6.4. Prior versions may also be affected.

Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.

Solution:
Update to version 2.6.5.

Provided and/or discovered by:
Diego Juarez, Core Security Technologies

Original Advisory:
http://www.coresecurity.com/?action=item&id=2211

Derecelendir

Kaynak

http://secunia.com/advisories/29669/

İçerik İhbarı

Bağlantılar: bilgininefendisi.net

Open Source Document Project

AUP&TOS