Shareaza Update Notification Spoofing Vulnerability Network Vulnerability

Summary

This host has Shareaza installed and is prone Update Notification Spoofing vulnerabilities.

Impact

Successful exploitation will let the attackers conduct spoofing attacks. Impact Level: Application

Solution

Upgrade Shareaza version to 2.3.1.0 http://shareaza.sourceforge.net/?id=download

Insight

The flaw is due to update notifications being handled via the domain update.shareaza.com, which is no longer controlled by the vendor. This can be exploited to spoof update notifications.

Affected

Shareaza version prior to 2.3.1.0

References

http://secunia.com/advisories/28302
http://sourceforge.net/project/shownotes.php?group_id=110672&release_id=565250
http://xforce.iss.net/xforce/xfdb/39484

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-7164

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Active Perl Locale::Maketext Module Multiple Code Injection Vulnerabilities (Windows)
Adobe AIR Security Bypass Vulnerability Jan14 (Mac OS X)
Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows
Adobe Acrobat Remote Code Execution Vulnerability(Win)
Adobe AIR Multiple Vulnerabilities -01 April 13 (Windows)

Take action and discover your vulnerabilities