Net Transport, also known as NetXfer, is a download manager for Windows made by Xi Software. Among the protocols Net Transport can handle is eDonkey, a decentralized peer-to-peer network for file sharing.
The Net Transport download manager fails to properly sanitize input received from the eDonkey network, specifically when processing eDonkey **OP_LOGINREQUEST** packets. An attacker who sends a specially crafted packet could cause a stack buffer overflow and execute arbitrary code.
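As an added illustration (not Net Transport's code and not the vendor's fix), the parser below shows the class of length validation whose absence leads to this kind of overflow: every attacker-controlled length is checked against both the bytes received and the destination buffer before any copy. The framing constants (0xE3 marker, little-endian length that counts the opcode, opcode 0x01) follow publicly documented eDonkey framing rather than this page. The 256-byte buffer and all function names are hypothetical, and the page does not say which field actually overflowed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ED2K_PROTO      0xE3u /* protocol marker (public protocol docs, not this page) */
#define OP_LOGINREQUEST 0x01u /* opcode value (public protocol docs, not this page) */
#define ED2K_HDR_LEN    6u    /* marker(1) + length(4, little-endian) + opcode(1) */
#define LOGIN_BUF_SIZE  256u  /* hypothetical size of the receiver's fixed buffer */

enum frame_status { FRAME_OK, FRAME_SHORT, FRAME_BAD_PROTO, FRAME_NOT_LOGIN,
                    FRAME_LEN_MISMATCH, FRAME_TOO_LARGE };

/* Validate one received frame and, only if every check passes, copy the
 * login payload into a fixed-size buffer. On FRAME_OK, *out_len holds the
 * number of payload bytes copied. */
enum frame_status parse_login_request(const uint8_t *pkt, size_t pkt_len,
                                      uint8_t out[LOGIN_BUF_SIZE], size_t *out_len)
{
    if (pkt_len < ED2K_HDR_LEN) return FRAME_SHORT;
    if (pkt[0] != ED2K_PROTO) return FRAME_BAD_PROTO;

    /* The declared length is attacker-controlled: decode it as unsigned. */
    uint32_t declared = (uint32_t)pkt[1] | ((uint32_t)pkt[2] << 8) |
                        ((uint32_t)pkt[3] << 16) | ((uint32_t)pkt[4] << 24);
    if (pkt[5] != OP_LOGINREQUEST) return FRAME_NOT_LOGIN;

    /* The length counts the opcode byte, so it must be at least 1 and must
     * equal the bytes actually received after the 5-byte marker+length. */
    if (declared < 1 || (size_t)declared != pkt_len - 5) return FRAME_LEN_MISMATCH;

    size_t payload_len = (size_t)declared - 1;
    if (payload_len > LOGIN_BUF_SIZE) return FRAME_TOO_LARGE; /* the bound that matters */

    memcpy(out, pkt + ED2K_HDR_LEN, payload_len);
    *out_len = payload_len;
    return FRAME_OK;
}

int main(void)
{
    /* Constructed sample frame: declared length 3 = opcode + 2 payload bytes. */
    uint8_t ok[] = {0xE3, 0x03, 0x00, 0x00, 0x00, 0x01, 'h', 'i'};
    uint8_t out[LOGIN_BUF_SIZE];
    size_t n = 0;
    printf("status=%d copied=%zu\n", parse_login_request(ok, sizeof ok, out, &n), n);
    return 0;
}
```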
Restrict access to the port used for eDonkey. Upgrade to a newer version of Net Transport that contains a fix.
Exploit runs on Xi Software Net Transport 2.90.510.
The eDonkey service port must be known by the attacker. By default, the application uses a random port.
The exploit may take a longer time to establish a shell connection.