HTTP: Orbit Downloader Long URL Stack Buffer Overflow

A buffer overflow vulnerability exists in Orbit Downloader. The vulnerability is caused by insufficient boundary checking in URL string processing. An attacker may exploit this vulnerability by enticing a target user to open a malicious long URL. Successful exploitation might lead to injection and execution of arbitrary code in the security context of the currently logged-in user. If code execution is successful, the behaviour of the target depends on the intention of the injected code. If it is not, Orbit Downloader may terminate abnormally.

Extended Description

Orbit Downloader is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will cause a denial-of-service condition. This issue affects versions prior to Orbit Downloader 2.8.5.

Affected Products

Orbit_downloader orbit_downloader

References

BugTraq: 33894

CVE: CVE-2009-0187

Short Name: HTTP:STC:ORBIT-DL-URL

Severity: Major

Recommended: False

Recommended Action: None

Category: HTTP

Keywords: Buffer CVE-2009-0187 Downloader Long Orbit Overflow Stack URL bid:33894

Release Date: 07/18/2011

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3375

False Positive: Unknown

Vendors

Orbit_downloader

CVSS Score: 9.3
