In association with heise online

« previous | next »
14 August 2008, 20:51

Buffer overflow in FlashGet download manager

Version 1.9 of the highly popular Flashget download manager for Windows apparently displays a buffer overflow that could be exploited to smuggle in code and execute it.

The error occurs when Flashget contacts an FTP server and the latter responds to the PWD command with an overlong string. A buffer on the stack then overflows and, as usual, this can readily be exploited.

An exploit that has already been published contains no shellcode, but in a short test by heise Security it made the current Flashget, version 1.9.6.1073, crash as claimed. As yet, no patch or corrected version is available.

(trk)

Add your comment

« previous | next »
Print Version | Send by email | Permalink: http://h-online.com/-736905

Also on The H:

  • Share this article
  • Twitter
  • Facebook
  • digg this
  • submit to slashdot
  • post to delicious
  • StumbleUpon
  • submit to reddit
The H Open Headlines

Price Insight Top 10 powered by Skinflint

  1. Samsung Galaxy S2 i9100 16GB schwarz
  2. Crucial m4 SSD 128GB
  3. Intel Core i5-2500K
  4. TeamGroup Elite DIMM Kit 8GB PC3-10667U CL9-9-9-24 (DDR3-1333)
  5. Intel Core i7-2600K
  6. ASUS EAH6870 DC/2DI2S/1GD5
  7. ASRock Z68 Pro3
  8. Samsung Galaxy S Plus i9001 schwarz 8GB
  9. Samsung EcoGreen F4 2000GB
  10. Samsung Galaxy S i9000 schwarz 8GB

The H

The H open source

The H Security

The H Internet Toolkit