JVNDB-2006-000614

Winny buffer overflow vulnerability

Overview

Winny, a P2P file-sharing (exchange) application, contains a buffer overflow vulnerability.

As of May 25, 2006, exploit information is publicly available. Currently we are not aware of any attacks. It is recommended that users avoid using Winny.
CVSS Severity

CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


Isamu Kaneko
  • Winny 2.0 b7.1 and earlier

Impact

If a remote attacker sends a malicious packet, Winny will crash.
It has been publicly reported that arbitrary code may be executed with the privileges of the user running Winny.
Solution

Vendor Information

CWE

CVE

  1. CVE-2006-2007
References

  1. JVN : JVN#74294680
  2. National Vulnerability Database (NVD) : CVE-2006-2007
  3. US-CERT Vulnerability Note : VU#167033
  4. Secunia Advisory : SA1979
  5. SecurityFocus : 17666
  6. FrSIRT Advisories : FrSIRT/ADV-2006-1486
  7. OPEN SOURCE VULNERABILITY DATABASE (OSVDB) : 24883
Revision History

  • [2008/05/21]
      Web page published