iMesh Runs Arbitrary Code

 
iMesh May Run Arbitrary Code
Reported June 29 by
Blue Panda

VERSIONS EFFECTED
Windows 9x

DESCRIPTION

iMesh is a service that enables people to locate and share files.
According to a report from a person using the pseudonym Blue Panda, iMesh 1.02, builds 116 and 177, are vulnerable to a buffer overflow that may execute arbitrary code.

Upon connecting to a given server, iMesh listens on a variable TCP port. An intruder could connect to that arbitrary port and then instigate a buffer overrun to execute on the remote machine.

VENDOR RESPONSE

According to the discoverer, iMesh is aware of the issue and will provide a fix in the next release of their product.

CREDITS
Discovered and reported by Blue Panda

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish