{"vuid":"VU#167033","idnumber":"167033","name":"Winny contains a buffer overflow","keywords":["Winny","buffer overflow"],"overview":"Winny contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.","clean_desc":"Winny (also referred to as WinNY) is a popular Japanese peer-to-peer file sharing application. A flaw exists in this program due to an unbounded strcpy() of remotely-supplied user input during the handling of certain commands provided by the file transfer feature. This flaw results in a heap-based buffer overflow vulnerability due to the lack of validation on the size of user input. A remote attacker may be able exploit this vulnerability by sending a specially crafted message to a vulnerable Winny installation.","impact":"A remote unauthenticated attacker may be able to execute arbitrary code on a system running the vulnerable software. The attacker-supplied code would be executed in the context of the user running Winny.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"Workarounds Discontinue use of the product\nDue to extenuating circumstances, the author is unable to provide patches for this issue. Users concerned with security should consider discontinuing use of the product.","sysaffected":"","thanks":"Thanks to JPCERT/CC for reporting this vulnerability. Discovery and research of this vulnerability was performed by \neEye Digital Security","author":"This document was written by Chad R Dougherty.","public":["http://www.eeye.com/html/research/advisories/AD20060421.html","http://jvn.jp/jp/JVN%2374294680/index.html","http://secunia.com/advisories/19795/","http://www.securityfocus.com/bid/17666"],"cveids":["CVE-2006-2007"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-04-20T15:44:35Z","publicdate":"2006-04-21T00:00:00Z","datefirstpublished":"2006-04-28T20:39:46Z","dateupdated":"2006-05-31T13:17:30Z","revision":30,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"4","cam_impact":"19","cam_easeofexploitation":"8","cam_attackeraccessrequired":"15","cam_scorecurrent":"3.42","cam_scorecurrentwidelyknown":"4.275","cam_scorecurrentwidelyknownexploited":"7.695","ipprotocol":"","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":3.42,"vulnote":null}