NewsBin Pro Long File Name Buffer Overflow Vulnerability

Bugtraq ID:	22940
Class:	Boundary Condition Error
CVE:	CVE-2007-1569
Remote:	Yes
Local:	No
Published:	Mar 13 2007 12:00AM
Updated:	May 12 2015 07:33PM
Credit:	Marsu is credited with the discovery of this issue.
Vulnerable:	NewsBin Pro NewsBin Pro 4.3.2
Not Vulnerable:

NewsBin Pro Long File Name Buffer Overflow Vulnerability

NewsBin Pro is prone to a remote buffer-overflow because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue affects version 4.32; other versions may also be affected.

NewsBin Pro Long File Name Buffer Overflow Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to download a specially crafted '.nzb' file using the affected application.

The following proof of concept is available:

• /data/vulnerabilities/exploits/22940.c

NewsBin Pro Long File Name Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

NewsBin Pro Long File Name Buffer Overflow Vulnerability

References:

• NewsBin Pro Homepage (NewsBin Pro )