Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Altnet Download Manager 4.x (bundled with Kazaa and Grokster)
CelebrityHacker has discovered a vulnerability in Altnet Download Manager, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a boundary error within the "IsValidFile()" method in the ADM ActiveX control. This can be exploited to cause a stack-based buffer overflow by passing an overly long string to the "bstrFilepath" parameter, for example from a malicious web site.
Successful exploitation may allow execution of arbitrary code.
The vulnerability has been confirmed on Altnet Download Manager 22.214.171.124 and 126.96.36.199. Other versions may also be affected.
NOTE: The application is included in the file-sharing applications Kazaa and Grokster.
Remove the Altnet Download Manager.
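
The class of boundary error described above, as an added illustration that is not Altnet's code: a hypothetical C routine that copies a caller-supplied path into a fixed stack buffer, shown first unbounded and then with the length check that prevents the overflow. The function names, `PATH_CAP` and the validation rules are assumptions, since the advisory gives no details of the control's internals.

```c
#include <stddef.h>
#include <wchar.h>

/* Assumed capacity; the advisory does not state the control's real buffer size. */
#define PATH_CAP 260

/* Unsafe pattern, for contrast only (hypothetical, never called here):
 * the amount copied is decided by the caller's string, not by the buffer. */
int is_valid_file_unsafe(const wchar_t *file_path)
{
    wchar_t local[PATH_CAP];
    wcscpy(local, file_path);           /* unbounded copy onto the stack */
    return local[0] != L'\0';
}

/* Hardened form. `len` is the character count carried with the string
 * (for a BSTR on Windows, the value SysStringLen() returns).
 * Returns 1 if the path is accepted, 0 if it is rejected. */
int is_valid_file_checked(const wchar_t *file_path, size_t len)
{
    wchar_t local[PATH_CAP];
    size_t i;

    /* Boundary check first: refuse rather than truncate. */
    if (file_path == NULL || len == 0 || len >= PATH_CAP)
        return 0;

    for (i = 0; i < len; i++) {
        /* Embedded NULs and control characters make the declared length
         * and the visible path disagree, so reject them. */
        if (file_path[i] < 0x20)
            return 0;
        local[i] = file_path[i];
    }
    local[len] = L'\0';

    /* Later checks work on the bounded, terminated copy; here only that
     * it is not made up entirely of spaces. */
    for (i = 0; i < len; i++)
        if (local[i] != L' ')
            return 1;
    return 0;
}
```

Rejecting over-long input outright, instead of truncating it, keeps a later check from operating on a different path than the one the caller supplied.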