PT-2009-2870 · Orbit · Orbit Downloader

Published

2009-02-26

Updated

2018-10-11

CVE-2009-0187

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Orbit Downloader versions 2.8.2 through 2.8.3 Orbit Downloader versions prior to 2.8.5

Description The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by sending a crafted HTTP URL with a long host name, which is not properly handled when constructing a "Connecting" log message.

Recommendations For Orbit Downloader versions 2.8.2 and 2.8.3, update to version 2.8.5 or later. For Orbit Downloader versions prior to 2.8.5, update to version 2.8.5 or later.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2009-0187

Affected Products

Orbit Downloader

PT-2009-2870 · Orbit · Orbit Downloader

CVE-2009-0187

Weakness Enumeration

Related Identifiers

Affected Products

References · 11