Orbit Downloader URL Processing Buffer Overflow Vulnerability
Software:Orbit Downloader 2.xCVE reference:CVE-2008-1602 (Secunia mirror)Description:Diego Juarez has reported a
vulnerability in Orbit Downloader, which potentially can be exploited
by malicious people to compromise a user"s system.
The vulnerability is caused due to a boundary error when converting
processed URLs from ASCII to Unicode encoding. This can be exploited to
cause a stack-based buffer overflow via an invalid URL longer than 4096
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions 2.6.3 and 2.6.4. Prior versions may also be affected.Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.Solution:Update to version 2.6.5.Provided and/or discovered by:Diego Juarez, Core Security TechnologiesOriginal Advisory:http://www.coresecurity.com/?action=item&id=2211