Vulnerability CVE-2004-2433


Published: 2004-12-31   Modified: 2012-02-12

Description:
Buffer overflow in the IsValidFile function in the ADM ActiveX control for Altnet Download Manager 4.0.0.4 and earlier, as used in Kazaa Media Desktop 1.3 through 2.6.4 and Grokkster 1.3 through 2.6, allows remote attackers to execute arbitrary code via a long bstrFilepath parameter.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Kazaa -> Kazaa media desktop 
Grokster -> Grokster 
Altnet -> Altnet download manager 

 References:
http://www.securityfocus.com/bid/11101
http://secunia.com/advisories/12446
http://xforce.iss.net/xforce/xfdb/17221
http://www.osvdb.org/9549
http://securitytracker.com/id?1011155
http://secunia.com/advisories/12456

Copyright 2021, cxsecurity.com

 

Back to Top