eMule IRC Module / Web Server DecodeBase16 Function Remote Overflow

This script is Copyright (C) 2009-2011 Tenable Network Security, Inc.

Synopsis :

Arbitrary code may be run on this host.

Description :

According to its version, the eMule Web Server listening on this port
contains a buffer overflow vulnerability in the 'DecodeBase16'
function due to a lack of length checks on its inputs. An anonymous
remote attacker may be able to leverage this issue to execute
arbitrary code on the affected host.

See also :


Solution :

Either upgrade to eMule version 0.42e or later, do not use the eMule
web server and IRC client, or uninstall eMule.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true

Family: Peer-To-Peer File Sharing

Nessus Plugin ID: 42833 (eMule_http_flaws.nasl)

Bugtraq ID: 10039

CVE ID: CVE-2004-1892