Xunlei Thunder Insecure Library Loading Arbitrary Code Execution Vulnerability
BID:53191
Info
Xunlei Thunder Insecure Library Loading Arbitrary Code Execution Vulnerability
| Bugtraq ID: | 53191 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-2224 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 23 2012 12:00AM |
| Updated: | Apr 23 2012 12:00AM |
| Credit: | Code Audit Labs |
| Vulnerable: |
Xunlei Xunlei Thunder 7.2.5.3364 |
| Not Vulnerable: |
Xunlei Xunlei Thunder 7.2.7.3492 |
Discussion
Xunlei Thunder Insecure Library Loading Arbitrary Code Execution Vulnerability
Xunlei Thunder is prone to a vulnerability that lets attackers execute arbitrary code.
A successful exploit can allow the attacker to execute arbitrary code in the context of the user running the affected application.
Xunlei Thunder 7.2.5.3364 is vulnerable; other versions may also be affected.
Xunlei Thunder is prone to a vulnerability that lets attackers execute arbitrary code.
A successful exploit can allow the attacker to execute arbitrary code in the context of the user running the affected application.
Xunlei Thunder 7.2.5.3364 is vulnerable; other versions may also be affected.
Exploit / POC
Xunlei Thunder Insecure Library Loading Arbitrary Code Execution Vulnerability
Attackers can exploit the issue using standard commands.
Attackers can exploit the issue using standard commands.
Solution / Fix
Xunlei Thunder Insecure Library Loading Arbitrary Code Execution Vulnerability
Solution:
Reportedly the vendor has fixed the issue, but Symantec has not confirmed it. Please contact the vendor for more information.
Solution:
Reportedly the vendor has fixed the issue, but Symantec has not confirmed it. Please contact the vendor for more information.
References
Xunlei Thunder Insecure Library Loading Arbitrary Code Execution Vulnerability
References:
References:
- Xunlei Thunder (Xunlei)
- Xunlei Thunder webpage (Xunlei)