| Name | Download.Accelerator.Plus.M3u.Buffer.Overflow |
| Release Date | Aug 08, 2008 |
| Severity | Critical |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attempt to exploit a buffer-overflow vulnerability in Download Accelerator Plus.
The vulnerability is caused by an error when the vulnerable software handles an overly long MP3 URL. It allows a remote attacker to execute arbitrary code by tricking the user into importing a crafted M3U file and using the verify option. |
| Affected Products | Download Accelerator Plus (DAP) 7.0.1.3, 8.6.6.3, and other 8.x versions may also be affected. |
| Recommended Actions | Avoid importing files from untrusted sources. |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-3182
|
| Reference/s | http://www.securityfocus.com/bid/30138 (BugTraq)
|