Orbit Downloader URL Processing Remote Buffer Overflow Vulnerability


Description   A vulnerability has been identified in Orbit Downloader, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. This issue is caused by a buffer overflow error when processing overly long download URLs (more than 4096 bytes), which could be exploited by attackers to crash an affected application or execute arbitrary code by tricking a user into downloading a file via a specially crafted URL.
     
Vulnerable Products   Vulnerable Software:
Orbit Downloader version 2.6.4 and prior
     
Solution   Upgrade to Orbit Downloader version 2.6.5: http://dl.orbitdownloader.com/dl/OrbitDownloaderSetup.exe
     
CVE   CVE-2008-1602
     
References   http://www.coresecurity.com/?action=item&id=2211
     
Vulnerability Manager Detection   No
     
IPS Protection   ASQ Engine alarm: Possible buffer overflow on URL
Available Since: 3.2.0

Risk level   Critical

Vulnerability First Public Report Date   2008-04-03

Target Type   Client

Possible exploit   Local & Remote