ReGet Deluxe .wjr file SaveTo attribute buffer overflow

2010-05-14T00:00:00
ID SAINT:7E95232F90BA8724761FB77DF03E2127
Type saint
Reporter SAINT Corporation
Modified 2010-05-14T00:00:00

Description

Added: 05/14/2010
BID: 37511

Background

ReGet Deluxe is a download manager for Windows.

Problem

A buffer overflow vulnerability allows command execution when a user opens a .wjr file containing a Download tag with a specially crafted SaveTo attribute.

Resolution

Do not open untrusted .wjr files using ReGet Deluxe.

References

<http://www.exploit-db.com/exploits/10664>

Limitations

Exploit works on ReGet Deluxe 5.2 build 330 and requires a user to open the exploit file in ReGet Deluxe.

Platforms

Windows XP