{"nessus": [{"lastseen": "2019-11-01T02:18:16", "bulletinFamily": "scanner", "description": "According to its version number, the DC++ client installed on the\nremote host is affected by a vulnerability that may let a remote user\nappend data to files anywhere on the drive on which DC++ is\ninstalled.", "modified": "2019-11-02T00:00:00", "id": "DCPLUSPLUS_DOWNLOAD_DRIVE_FILE_APPENDS.NASL", "href": "https://www.tenable.com/plugins/nessus/18012", "published": "2005-04-12T00:00:00", "title": "DC++ Download Drive Arbitrary File Appending", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(18012);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/06 11:26:08\");\n\n script_cve_id(\"CVE-2005-1089\");\n script_bugtraq_id(13088);\n\n script_name(english:\"DC++ Download Drive Arbitrary File Appending\");\n script_summary(english:\"Checks for download drive file appending vulnerability in DC++\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that is affected by a\nfile integrity flaw.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the DC++ client installed on the\nremote host is affected by a vulnerability that may let a remote user\nappend data to files anywhere on the drive on which DC++ is\ninstalled.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://sourceforge.net/project/shownotes.php?group_id=40287&release_id=319316\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to DC++ 0.674 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/04/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/04/11\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\n\n# Look in the registry for the version of DC++ installed.\nkey = \"SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/DC++/DisplayVersion\";\nver = get_kb_item(key);\nif (ver && ver =~ \"^0\\.([0-5]|6([0-6]|7[0-3]))\")\n security_warning(get_kb_item(\"SMB/transport\"));\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}]}