Release DateApr 01, 2009 |
Severitycritical |
ImpactOrbit Downloader 2.8.2 and 2.8.3 |
DescriptionThis indicates an attack attempt against a buffer-overflow vulnerability in Orbit Downloader.The vulnerability is caused by an error when the vulnerable software handles a malicious long host name. It allows a remote attacker to execute arbitrary code by enticing the user to open a specially crafted URI. |
Affected ProductsSystem Compromise: Remote attackers can gain control of the vulnerable system |
Recommended ActionsUpgrade to the latest version 2.8.5, available from the following web site:http://www.orbitdownloader.com/download.htm |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-0187 |
Reference/shttp://www.securityfocus.com/bid/33894 (BugTraq) |
