Juniper Networks

Signature Detail


Short Name: HTTP:STC:ORBIT-DL-URL
Severity: High
Recommended: No
Category: HTTP
Keywords: Orbit Downloader Long URL Stack Buffer Overflow
Release Date: 2011/07/18
Update Number: 1956
Supported Platforms: idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Orbit Downloader Long URL Stack Buffer Overflow


A buffer overflow vulnerability exists in Orbit Downloader. The vulnerability is caused by insufficient boundary checking in URL string processing. An attacker may exploit it by enticing a target user to open a malicious long URL. Successful exploitation might lead to injection and execution of arbitrary code in the security context of the currently logged-in user. If code execution is successful, the behaviour of the target depends on the intention of the injected code. Otherwise, Orbit Downloader may terminate abnormally.

Extended Description

Orbit Downloader is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will cause a denial-of-service condition. This issue affects versions prior to Orbit Downloader 2.8.5.

Affected Products

  • Orbit Downloader 2.8.2
  • Orbit Downloader 2.8.3
  • Orbit Downloader 2.8.4

References

  • BugTraq: 33894
  • CVE: CVE-2009-0187
