Check Point Advisories

Update Protection against Winny Remote Buffer Overflow Vulnerability

Check Point Reference: CPAI-2006-045
Date Published: 21 May 2006
Severity: High
Last Updated: Monday 07 May, 2007
Source: eEye
Industry Reference:CVE-2006-2007
Protection Provided by:
Who is Vulnerable? Winny version 2.0 b7.1 and before
Windows NT 4.0
Windows 98 / ME
Windows 2000
Windows XP
Windows 2003
Vulnerability Description A critical vulnerability was reported in Winny, a popular Japanese P2P application. The vulnerability may allow a remote attacker to execute arbitrary code in the context of the user who executed the Winny.
Vulnerability DetailsThis vulnerability exists in the handling of specific commands provided by the file transfer port. This vulnerability exists within a strcpy(). A long string argument can be passed with some commands into a heap buffer. There is no checking of the length of this input.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK