|
Home Forum Radio Memberlist Help Search Quick Links | |
| Forum Index » Internet » Security Alerts and vulnerabilities » Kazaa Lite K++ K-Sig Directory Traversal Weakness |
| Security Alerts and vulnerabilities Lets keep abreast on the latest threats by posting those findings here.. |
 |
 |
|
Thread Tools | Display Modes |  |
|
#1
01-18-2005, 10:13 PM
|
||||
|
||||
|
Kazaa Lite K++ K-Sig Directory Traversal Weakness
The included K-Sig KL Extension (KSig.exe) installs a "sig2dat://" URI handler. The weakness is caused due to an input validation error when processing the "File:" argument of "sig2dat://" URIs. This can be exploited via a directory traversal attack to create or overwrite .dat files in arbitrary locations on a user's system by e.g. tricking the user into visiting a malicious web site or follow a specially crafted link. An error within the handling of the "Length" value was also reported, which crashes the K-Sig KL Extension with an EConvertError exception when processing an overly large value. The weakness has been confirmed in Kazaa Lite K++ 2.4.3 with K-Sig 1.2.3 (Build 5). Other versions may also be affected. Of course Kazaa Lite is illegal so the best solution is add/remove programs 
|
 Posted |
|
| Bookmarks |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Popups have seized my computer | skinsfan87 | Spyware / Virus Removal | 234 | 04-11-2005 02:18 PM |
| Internet Explorer FTP Download Directory Traversal | Mobo | Security Alerts and vulnerabilities | 0 | 01-04-2005 12:20 AM |
| " Kazaa is No. 1" | Mobo | News & Announcements | 4 | 12-01-2004 10:49 PM |
|
||
|
|
|
It appears you have not yet registered with our community
which limits what you can do & see. It's Free To register, please click here.
Linear Mode
