Signature Detail
Short Name |
HTTP:STC:DL:ORBIT-DOWNLOADER-OF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Orbit Downloader Download Failed Buffer Overflow |
Release Date |
2013/09/04 |
Update Number |
2296 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Orbit Downloader Download Failed Buffer Overflow
This signature detects attempts to exploit a known vulnerability in Orbit Downloader. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the process's user.
Extended Description
Orbit Downloader is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will cause a denial-of-service condition. This issue affects versions prior to Orbit Downloader 2.6.5.
Affected Products
- Orbit Downloader 2.6.3
- Orbit Downloader 2.6.4
References
- BugTraq: 28541
- CVE: CVE-2008-1602