CVE-2008-1602

Name of the Vulnerable Software and Affected Versions Orbit downloader versions 2.6.3 through 2.6.4

Description The issue is related to a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This occurs when a long download URL is not properly handled during Unicode conversion for a balloon notification after a download has failed.

Recommendations For Orbit downloader versions 2.6.3 and 2.6.4, consider avoiding the use of long download URLs until a fix is available. As a temporary workaround, restrict the handling of download URLs to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.