Orbit Downloader URL Processing Buffer Overflow Vulnerability
Orbit Downloader URL Processing Buffer Overflow Vulnerability Secunia Advisory: SA29669   Release Date: 2008-04-04 Critical: Highly critical Impact: System access Where: From remote Solution Status: Vendor Patch Software:Orbit Downloader 2.xCVE reference:CVE-2008-1602 (Secunia mirror)Description:Diego Juarez has reported a vulnerability in Orbit Downloader, which potentially can be exploited by malicious people to compromise a user"s system. The vulnerability is caused due to a boundary error when converting processed URLs from ASCII to Unicode encoding. This can be exploited to cause a stack-based buffer overflow via an invalid URL longer than 4096 bytes. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions 2.6.3 and 2.6.4. Prior versions may also be affected.Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.Solution:Update to version 2.6.5.Provided and/or discovered by:Diego Juarez, Core Security TechnologiesOriginal Advisory:http://www.coresecurity.com/?action=item&id=2211