Winny contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Winny (also referred to as WinNY) is a popular Japanese peer-to-peer file sharing application. A flaw exists in this program due to an unbounded strcpy() of remotely-supplied user input during the handling of certain commands provided by the file transfer feature. Because the size of the user input is not validated, this flaw results in a heap-based buffer overflow vulnerability. A remote attacker may be able to exploit this vulnerability by sending a specially crafted message to a vulnerable Winny installation.
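The flaw class described above, shown as an added example that is not Winny's code and not part of the original advisory: a hypothetical command handler copies a remotely supplied field into a heap record, first with an unbounded strcpy() and then with the size validation whose absence the advisory describes. The names struct transfer, FIELD_MAX, parse_unchecked and parse_checked are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIELD_MAX 64   /* hypothetical size of the destination field */

/* Hypothetical heap record filled in from a received command. */
struct transfer {
    char name[FIELD_MAX];
    int  active;
};

/* Vulnerable pattern, shown for contrast and never called with long input:
 * strcpy() copies until the source NUL, so a field longer than
 * FIELD_MAX - 1 bytes writes past name[] and then past the allocation. */
struct transfer *parse_unchecked(const char *field)
{
    struct transfer *t = calloc(1, sizeof *t);
    if (t == NULL) return NULL;
    strcpy(t->name, field);            /* no validation of input size */
    t->active = 1;
    return t;
}

/* Hardened form: the received length is checked against the destination
 * size before anything is allocated or copied; bad input is rejected. */
struct transfer *parse_checked(const char *field, size_t field_len)
{
    if (field == NULL || field_len >= FIELD_MAX) return NULL;
    if (memchr(field, '\0', field_len) != NULL) return NULL; /* embedded NUL */
    struct transfer *t = calloc(1, sizeof *t);
    if (t == NULL) return NULL;
    memcpy(t->name, field, field_len);
    t->name[field_len] = '\0';         /* always terminated inside name[] */
    t->active = 1;
    return t;
}

int main(void)
{
    char big[200];                     /* constructed oversized input */
    memset(big, 'A', sizeof big);
    struct transfer *ok  = parse_checked("file.txt", 8);
    struct transfer *bad = parse_checked(big, sizeof big);
    printf("normal: %s, oversized: %s\n", ok ? "accepted" : "rejected", bad ? "accepted" : "rejected");
    free(ok); free(bad);
    return 0;
}
```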
A remote unauthenticated attacker may be able to execute arbitrary code on a system running the vulnerable software. The attacker-supplied code would be executed in the context of the user running Winny.
The CERT/CC is currently unaware of a practical solution to this problem.
Discontinue use of the product
Thanks to JPCERT/CC for reporting this vulnerability. Discovery and research of this vulnerability was performed by eEye Digital Security.
This document was written by Chad R Dougherty.
Date First Published: 2006-04-28
Date Last Updated: 2006-05-31 13:17 UTC