Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

LimeWire < 4.8.0 Directory Traversal Arbitrary File Access

Medium

Synopsis

The remote client is vulnerable to an arbitrary file download flaw.

Description

The remote host is running LimeWire, a Gnutella client used for peer-to-peer file sharing. The host is running a version of Limewire that is vulnerable to a remote exploit via a parsing error. An attacker exploiting this flaw would pass the client a specially formatted request which, when processed, would give the attacker the ability to download any file on the Gnutella client.

Solution

Upgrade to version 4.8.0 or higher.