CVE-2002-1441

Name of the Vulnerable Software and Affected Versions Tomahawk SteelArrow versions prior to 4.5

Description The issue is related to multiple buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved through the Steelarrow Service (Steelarrow.exe) by using a long UserIdent Cookie header, or through DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or via a Chunked Transfer-Encoding request.

Recommendations For versions prior to 4.5, update to version 4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the Steelarrow Service and DLLHOST.EXE to minimize the risk of exploitation. Avoid using long UserIdent Cookie headers and requests for long .aro files in the affected API endpoints until the issue is resolved.