Orbit Downloader URL Unicode conversion buffer overflow

Added: 07/07/2008
CVE: CVE-2008-1602
BID: 28541
OSVDB: 44036

Background

Orbit Downloader is a download manager supporting various protocols.

Problem

A buffer overflow vulnerability during Unicode conversion in the download failure notification message allows command execution when Orbit Downloader is given a long, specially crafted download URL.

Resolution

Upgrade to Orbit Downloader 2.6.5 or higher.

References

http://www.securityfocus.com/archive/1/490458

Limitations

The exploit works on Orbit Downloader 2.6.4 and requires a user to download the exploit URL.

Platforms

Windows
