
Vulnerability Detail

Kazaa Media Desktop ad response denial of service vulnerability

Date Discovered:
2 Feb 2003

Date Published:
6 Feb 2003

Last Updated:
18 Oct 2004

Threat Assessment

Overall Risk:  Medium
Popularity:  High
Impact:  High
Simplicity:  Low

Characteristics

Vulnerability ID:  7098
Discovered By:  Marc Reuf

Exploitable Locally:  No
Exploitable Remotely:  Yes

Impact:  Remote attackers can cause a denial of service or execute arbitrary code.

Root Cause:  Software Vulnerability

 

Description

Kazaa Media Desktop is vulnerable to a flaw that can allow remote attackers to cause a denial of service and possibly execute arbitrary code. The flaw is due to insufficient handling of corrupt responses to the automated ad download request. A remote attacker can inject a carefully crafted string into the ad request response to overflow the buffer and cause a denial of service or execute arbitrary code. This is a non-priority technology advisory.


Recommendations

The vendor has not released a patch to address this flaw. As a workaround, block all ad responses with a perimeter firewall. Alternatively, users can obtain Kazaa Lite, a popular ad-free and spyware-free Kazaa client.

Vendor site: http://www.kazaa.com


Affected Technologies

Sharman Networks Ltd.: KaZaA 2.0
Sharman Networks Ltd.: KaZaA 2.0.2


References

Mitre CVE: CVE-2002-2270
