Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2009-0187
Last Modified: 27 Apr 2010 01:48:34
Published: 26 Feb 2009 11:17:19
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-0187

Summary

Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a "Connecting" log message.

Vulnerable Systems

Application

  • Orbitdownloader Orbit Downloader 2.8.2

  • Orbitdownloader Orbit Downloader 2.8.3

  • Orbitdownloader Orbit Downloader 2.8.4


References

VUPEN - ADV-2009-0521

BID - 33894

XF - orbitdownloader-connecting-bo(48932)

BUGTRAQ - 20090225 Secunia Research: Orbit Downloader Long URL Parsing Buffer Overflow

MISC - http://secunia.com/secunia_research/2009-9/

SECUNIA - 33843

OSVDB - 52294


Last Updated: 27 May 2016 10:50:08