Lucene search

Kaspersky LabKLA10061

HistoryDec 31, 2004 - 12:00 a.m.

KLA10061 ACE vulnerability in Kazaa & Grokster

2004-12-3100:00:00

Kaspersky Lab

threats.kaspersky.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.075 Low

EPSS

Percentile

94.2%

JSON

A buffer overflow vulnerability was found in Kazaa & Grokster. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited from the network at a point related to Altnet Download Manager via a specially designed bstrFilepath parameter.

Original advisories

vulnerability description

Related products

Kazaa

CVE list

CVE-2004-2433 critical

Solution

Update to latest version

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Affected Products

Kazaa Media Desktop versions from 1.3 to 2.6.4

References

www.cvedetails.com/cve/CVE-2004-2433/

statistics.securelist.com/

threats.kaspersky.com/en/product/Kazaa/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.075 Low

EPSS

Percentile

94.2%

JSON

Related for KLA10061