eMule DecodeBase16 function buffer overflow
| emule-decodebase16-bo (15730) |  High Risk |
Description:
eMule is vulnerable to a stack-based buffer overflow, caused by a vulnerability in the DecodeBase16 function. A remote attacker could exploit this vulnerability by sending a specially-crafted string to the DecodeBase16 function to overflow a buffer and execute arbitrary code on the system.
Consequences:
Gain Access
Remedy:
No remedy available as of July 9, 2011.
References:
- BugTraq Mailing List, Sat Apr 03 2004 - 03:31:11 CST: eMule v0.42d Buffer Overflow.
- eMule Web site: Official Home Page of eMule, Download, Support, FAQ.
- SecuriTeam Mailing List, Security Holes & Exploits 14 Apr 2004: eMule DecodeBase16 Remote Buffer Overflow Exploit Code.
- BID-10039: eMule Remote Buffer Overflow Vulnerability
- CVE-2004-1892: Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string.
- SA11289: eMule "DecodeBase16()" Buffer Overflow Vulnerability
Platforms Affected:
- eMule eMule 0.42d
Reported:
Apr 03, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net