 |
Name:
Download.Accelerator.Plus.M3u.Buffer.Overflow
|
Released Date:
Aug 8 2008
|
Severity:
critical
|
CVE:
2008-3182
|
|
|
Bugtraq:
30138
|
|
|
|
|
FortiGuard Center
> Vulnerability Encyclopedia
In-Depth Analysis
|
Description
|
This indicates an attempt to exploit a buffer-overflow vulnerability in Download Accelerator Plus.
The vulnerability is caused by an error when the vulnerable software handles an overly long MP3 URL. It allows a remote attacker to execute arbitrary code by tricking the user into importing a crafted M3U file and using the verify option.
|
|
|
|
Impact
|
|
System Compromise: Remote attackers can gain control of vulnerable systems.
|
|
|
|
Affected Products
|
|
Download Accelerator Plus (DAP) 7.0.1.3, 8.6.6.3, and other 8.x versions may also be affected.
|
|
Aliases
|
|
References
|
http://www.securityfocus.com/bid/30138
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-3182
|
|
Recommended Actions
|
|
Avoid importing files from untrusted sources.
|
|
