Added: 03/04/2009
CVE: CVE-2009-0187
BID: 33894
OSVDB: 52294
Orbit Downloader is a download manager supporting various protocols.
A buffer overflow vulnerability when constructing “Connecting” log messages allows command execution when a user loads an HTTP URL with a long, specially crafted hostname.
Upgrade to Orbit Downloader 2.8.5.
<http://secunia.com/secunia_research/2009-9/>
Exploit works on Orbit Downloader 2.8.4 and requires a user to load the exploit page in Internet Explorer 6.
Windows