In association with heise online

05 October 2007, 08:10

Security vulnerability in Altnet Download Manager

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A security vulnerability in the Altnet Download Manager (ADM) puts the PCs of Kazaa and Grokster users at risk. The Altnet Download Manager is intended to expand file searches in Kazaa und Grokster.

According to Bugtraq, the manager's ActiveX control (adm4.dll) causes a buffer overflow when the argument of an install function call is too long. Code can also be introduced and executed. This can be done by luring the user into accessing a malicious website. Versions of Altnet Download Manager up to 4.0.0.6 are vulnerable. As a result, versions of Kazaa up to 3.2.7.0, and Grokster up to 2.6 are also affected.

Currently, there is no patch available. As a workaround, either a kill-bit can be set for the control (CLSID DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2) to prevent downloading in Internet Explorer, or the ADM file (adm.exe) can simply be deleted.

The Altnet Download Manager expands file searches in Kazaa and Grokster.

See also:

(ehe)

Print Version | Send by email | Permalink: http://h-online.com/-733734
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit