In association with heise online

14 August 2008, 19:51

Buffer overflow in FlashGet download manager

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Version 1.9 of the highly popular Flashget download manager for Windows apparently displays a buffer overflow that could be exploited to smuggle in code and execute it.

The error occurs when Flashget contacts an FTP server and the latter responds to the PWD command with an overlong string. A buffer on the stack then overflows and, as usual, this can readily be exploited.

An exploit that has already been published contains no shellcode, but in a short test by heise Security it made the current Flashget, version, crash as claimed. As yet, no patch or corrected version is available.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit