Denial of service against Kazaa Media Desktop v2

2007.10.20
Credit: Marc Ruef
Risk: Low
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 9/10
Impact Subscore: 8.5/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Complete

Hi! It is possible to cause a remote denial of service attack against Kazaa Media Desktop v2. If you can inject a malicous response for the automated ad download of the client, you can cause a bufferoverflow and the denial of service. It may be possible to run arbitary code with this vulnerability. The easiest way to reproduce this behavior is deny all http connections to hosts named *ad*. For example activate the "Block Sites" feature of the NetGear FM114P and block the keyword "ad". After this change, every time you start the vulnerable Kazaa client, the software crashes with the typical windows error message during connection establishment. Tested on Kazaa Media Desktop 2.0.2, Built Tuesday, November 05, 2002, 17:07:24 on Windows XP Professional with NetGear FM114P. My bug report was sent on 03/01/27 to The Sharman Networks Team. Nothing came back - Just the automated default reply. Bye, Marc -- Computer, Technik und Security http://www.computec.ch/ Meine private Webseite http://www.computec.ch/mruef/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top