icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

LimeWire < 4.8.0 Directory Traversal Arbitrary File Access

Medium

Synopsis

The remote client is vulnerable to an arbitrary file download flaw.

Description

The remote host is running LimeWire, a Gnutella client used for peer-to-peer file sharing. The host is running a version of Limewire that is vulnerable to a remote exploit via a parsing error. An attacker exploiting this flaw would pass the client a specially formatted request which, when processed, would give the attacker the ability to download any file on the Gnutella client.

Solution

Upgrade to version 4.8.0 or higher.