CVE-2009-0187

Published: 26/02/2009 Updated: 11/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 940

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions prior to 2.8.5, allows remote malicious users to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a "Connecting" log message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
orbitdownloader orbit downloader 2.8.4
orbitdownloader orbit downloader 2.8.2
orbitdownloader orbit downloader 2.8.3

## # $Id: orbit_connectingrb 9262 2010-05-09 17:45:00Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class ...

<html> <body> Orbit <=284 Long Hostname Buffer Overflow Vulnerability Poc Vulnerability discovered by Secunia Exploit and POC provided by: JavaGuru Right click on link below then choose download by orbit, CALCEXE will pop up I got a lot of problems when try ...

CWE-119 http://secunia.com/secunia_research/2009-9/http://secunia.com/advisories/33843 http://www.securityfocus.com/bid/33894 http://www.vupen.com/english/advisories/2009/0521 http://osvdb.org/52294 https://exchange.xforce.ibmcloud.com/vulnerabilities/48932 http://www.securityfocus.com/archive/1/501220/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/16569/

CVE-2009-0187

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect