CVE-2004-2433

Name of the Vulnerable Software and Affected Versions: Altnet Download Manager versions 4.0.0.4 and earlier Kazaa Media Desktop versions 1.3 through 2.6.4 Grokkster versions 1.3 through 2.6

Description: The issue is related to a buffer overflow in the IsValidFile function within the ADM ActiveX control. This can be exploited by remote attackers to execute arbitrary code by providing a long bstrFilepath parameter.

Recommendations: For Altnet Download Manager versions 4.0.0.4 and earlier, update to a version later than 4.0.0.4. For Kazaa Media Desktop versions 1.3 through 2.6.4, update to a version later than 2.6.4. For Grokkster versions 1.3 through 2.6, update to a version later than 2.6. As a temporary workaround, consider restricting the use of the IsValidFile function in the ADM ActiveX control until a patch is available.