Gadu-Gadu 6.0 File Download Filename Obfuscation Weakness

2004-08-23T00:00:00
ID EDB-ID:24404
Type exploitdb
Reporter Bartosz Kwitkowski
Modified 2004-08-23T00:00:00

Description

Gadu-Gadu 6.0 File Download Filename Obfuscation Weakness. CVE-2004-2530. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/11017/info

Gadu-Gadu is a Polish instant messaging application for Microsoft Windows operating systems.

It is reported that the Gadu-Gadu instant messenger application contains a weakness allowing attackers to obfuscate file extensions.

This may allow an attacker to send potentially malicious executable files to users who think that they are downloading files that are believed to be harmless. 

file.ext%20(220%20kB)%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20.exe