SECOBJADV-2008-03.2: PartyGaming PartyPoker Malicious Update Vulnerability

====================================================================== = Security Objectives Advisory SECOBJADV-2008-03.2 = ====================================================================== PartyGaming PartyPoker Malicious Update Vulnerability...

PartyGaming PartyPoker updates spoofing

Cryptography is not used to validate update authenticity...

CVE-2008-3324

The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse update...

CVE-2008-3324

The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse update...

CVE-2008-3324

CVE-2008-3324 affects PartyGaming PartyPoker client 121/120. The issue is an origin validation/verification failure for updates, allowing remote attackers to perform a man-in-the-middle attack and deliver a Trojan horse update that executes arbitrary code. Exploitation requires impersonating the ...