News File Grabber Subject Line Stack Buffer Overflow Vulnerability

Bugtraq ID:	22617
Class:	Boundary Condition Error
CVE:	CVE-2007-1037
Remote:	Yes
Local:	No
Published:	Feb 19 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	Marsu Pilami is credited with the discovery of this vulnerability.
Vulnerable:	News File Grabber News File Grabber 4.1.0.1
Not Vulnerable:

News File Grabber Subject Line Stack Buffer Overflow Vulnerability

News File Grabber is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of the affected application.

This issue affects version 4.1.0.1; other versions may also be affected.

News File Grabber Subject Line Stack Buffer Overflow Vulnerability

The following proof-of-concept exploits are available:

• /data/vulnerabilities/exploits/22617-parveen.pl
• /data/vulnerabilities/exploits/Generic_NZB_DoS.c

News File Grabber Subject Line Stack Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

News File Grabber Subject Line Stack Buffer Overflow Vulnerability

References:

• News File Grabber Homepage (News File Grabber )