Signature Detail

P2P: eMule DecodeBase16 Overflow

This signature detects attempts to exploit a known vulnerability against eMule v0.42. eMule v0.42 and earlier are vulnerable. Attackers can send excessive amounts of hex-encoded data in an IRC private message to execute arbitrary code in the user context.

Extended Description

eMule is prone to a remote buffer overflow vulnerability. This issue is due to a failure of the application to properly validate buffer boundaries during memory copy operations. Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system within the security context of the user running the vulnerable process.

Affected Products

• Emule 0.42.0 d

References

• BugTraq: 10039
• CVE: CVE-2004-1892
• URL: http://www.net-security.org/vuln.php?id=3369
• URL: http://www.securitytracker.com/alerts/2004/Apr/1009651.html