Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21769
HistoryMay 04, 2009 - 12:00 a.m.

Grabit <= 1.7.2 beta 3 NZB file parsing stack overflow

2009-05-0400:00:00
vulners.com
7
JSON

Grabit <= 1.7.2 beta 3 NZB file parsing stack overflow

Impact: Remote code execution
Version: <= 1.7.2 beta 3

Description

Grabit is a popular Windows usenet client designed for downloading
binary files. It has support for NZB files, which a user would usually
acquire from an external source. Version 1.7.2 beta 3 is vulnerable to a
stack overflow when parsing DTD references in NZB files. Earlier
versions are vulnerable as well. Reliable exploitation is pretty
straightforward.

Fix

I reported this to the author a while ago. He has now released version
1.7.2 beta 4, which fixes the bug. It can be downloaded at
http://www.shemes.com/

Best regards,

Niels Teusink
http://blog.teusink.net/

JSON