RSS
Home > News > Kazaa security hole undermines network
Sep 11 2004

Kazaa security hole undermines network

  • Written by matrix2003
  • No Comments

On Friday IT managers got a fresh reason, if they needed one, to keep Kazaa and Grokster peer-to-peer software off users’ PCs: an unpatched security hole that affects both applications.

A vulnerability in Altnet Download Manager (ADM) 4.x, installed with Grokster and Kazaa, could allow an attacker to take over a vulnerable PC via a malicious Web page, according to an advisory from Danish security firm Secunia.

ADM is part of a marketing network that runs alongside standard peer-to-peer networks distributing sponsored content. It is installed by default alongside Kazaa and Grokster, two of the most popular file-sharing applications on the Internet. The bug has been confirmed on ADM versions 4.0.0.2 and 4.0.0.4, but may also affect other versions, Secunia said. ADM 4.0.0.4 is included in Kazaa 2.7.1, and ADM 4.0.0.2 is included in Grokster 2.6.

In the absence of a patch, Secunia advised users to remove ADM (”adm.exe”) or uninstall the file-sharing software.

The vulnerability is caused by a boundary error in the “IsValidFile()” method in the ADM ActiveX control, according to Secunia. An attacker could exploit the bug via a website by sending an overly-long string to the “bstrFilepath” parameter, causing a stack-based buffer overflow and allowing the execution of malicious code, the firm said. The vulnerability’s discoverer goes by the handle CelebrityHacker, Secunia said.

Secunia said the vulnerability is “highly critical”, the fourth-highest of its five severity ratings.

Last week, serious flaws were revealed in WinZip versions 3.x, 6.x, 7.x, 8.x and 9.x that could allow an attacker to execute malicious code on a Windows PC, the WinZip Computing said. A day earlier the Massachussetts Institute of Technology (MIT) warned of vulnerabilities in Kerberos that could allow attackers free access to protected systems.


Source: http://www.pcworld.idg.com.au/index.php/id;1164060834;fp;2;fpid;1

Related Posts

  1. ‘Greyhat’ Exposes New IE Flaw
  2. Kazaa Security Flaw
  3. Microsoft hOle
  4. KaZaA To Patch ‘Serious’ Vulnerability
  5. Apple fixes critical iTunes bug
Zeropaid on Facebook
Trackbacks url:

Leave a Comment...

  • Advertisement

    Giganews Newsgroups

1 Star2 Stars3 Stars4 Stars5 Stars Loading ... Loading ...

  • ralphie: lol here is my bill for $45000 in case you might hum a song I wrote...
  • ejonesss: no it isnt theft. when a car is broken into and the dash ripped open and the stereo is removed then the stereo is sto...
  • zcat: The interesting thing is, I have managed to watch entire movies in stores while waiting around for the wife and kids to ...
  • Sandra Ase: Hook up to lime wire...
  • mountain_rage: The reality is that when the original up loaders hosts the file, he is giving the perception, as well as permission to c...
  • Brewser: The Heat (H33t) is going to be the new demonoid! Clean and reliable torrents with descriptions. Don't tell anybody!...
  • Flashpwn: The list doesn't have Bibliotik in elearning and list's h33t a general (semi-private) tracker as anime....
  • Randy: Isn't that the same thing?...
    • sdsd