# Altnet Download Manager Buffer Overflow Vulnerability (Highly critical)



## jgvernonco (Sep 13, 2003)

Altnet Download Manager Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA12446

VERIFY ADVISORY:
http://secunia.com/advisories/12446/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Altnet Download Manager 4.x
http://secunia.com/product/3862/

DESCRIPTION:
CelebrityHacker has discovered a vulnerability in Altnet Download
Manager, which can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to a boundary error within the
"IsValidFile()" method in the ADM ActiveX control. This can be
exploited to cause a stack-based buffer overflow via e.g. a malicious
web site by passing an overly long string to the "bstrFilepath"
parameter.

Successful exploitation may allow execution of arbitrary code.

The vulnerability has been confirmed on Altnet Download Manager
4.0.0.2 and 4.0.0.4. Other versions may also be affected.

NOTE: The application is included in the file-sharing applications
Kazaa and Grokster.

SOLUTION:
Remove the Altnet Download Manager.

PROVIDED AND/OR DISCOVERED BY:
CelebrityHacker


----------
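The boundary error the advisory describes, modelled as an added example (not code from the advisory, the vendor or the post above). The control's source is not on this page, so the `bstr_view` type, the 260-byte `PATH_CAP` buffer and both function names are assumptions chosen to mirror a BSTR path parameter copied into a fixed stack buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PATH_CAP 260 /* assumed buffer size; not stated in the advisory */

/* Constructed stand-in for a BSTR: 16-bit code units plus an explicit count. */
typedef struct { const uint16_t *units; size_t count; } bstr_view;

enum { PATH_OK = 0, PATH_TOO_LONG = -1, PATH_BAD_CHAR = -2, PATH_EMPTY = -3 };

/* The defect class: the copy loop trusts the caller-supplied length.
   Shown for contrast only; nothing in this example calls it. */
int is_valid_file_unchecked(bstr_view in) {
    char path[PATH_CAP];
    size_t i;
    for (i = 0; i < in.count; i++)   /* no bound: can write past path[] */
        path[i] = (char)in.units[i];
    path[i] = '\0';
    return path[0] != '\0' ? PATH_OK : PATH_EMPTY;
}

/* Hardened form: reject over-long input before any byte is copied. */
int is_valid_file_checked(bstr_view in, char *out, size_t out_cap) {
    size_t i;
    if (in.units == NULL || in.count == 0) return PATH_EMPTY;
    if (out == NULL || in.count >= out_cap) return PATH_TOO_LONG; /* keep room for NUL */
    for (i = 0; i < in.count; i++) {
        uint16_t u = in.units[i];
        if (u < 0x20 || u > 0x7E) return PATH_BAD_CHAR; /* embedded NUL, control, non-ASCII */
        out[i] = (char)u;
    }
    out[i] = '\0';
    return PATH_OK;
}

int main(void) {
    const uint16_t sample[] = {'C', ':', '\\', 'a', '.', 't', 'x', 't'}; /* constructed input */
    char out[PATH_CAP];
    bstr_view v = { sample, sizeof sample / sizeof sample[0] };
    int rc = is_valid_file_checked(v, out, sizeof out);
    printf("rc=%d path=%s\n", rc, rc == PATH_OK ? out : "(rejected)");
    return 0;
}
```

The length test runs before the copy, so an input of exactly `PATH_CAP` units is rejected and `PATH_CAP - 1` units is the longest accepted.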

