Shareaza Update Notification Spoofing Vulnerability Network Vulnerability

Summary

This host has Shareaza installed and is prone Update Notification Spoofing vulnerabilities.

Impact

Successful exploitation will let the attackers conduct spoofing attacks. Impact Level: Application

Solution

Upgrade Shareaza version to 2.3.1.0 http://shareaza.sourceforge.net/?id=download

Insight

The flaw is due to update notifications being handled via the domain update.shareaza.com, which is no longer controlled by the vendor. This can be exploited to spoof update notifications.

Affected

Shareaza version prior to 2.3.1.0

References

http://secunia.com/advisories/28302
http://sourceforge.net/project/shownotes.php?group_id=110672&release_id=565250
http://xforce.iss.net/xforce/xfdb/39484

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-7164
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities - November12 (Windows)
Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)
Adobe Acrobat Multiple Unspecified Vulnerabilities - Windows
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Windows)
Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)

Take action and discover your vulnerabilities