• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

CNet CatchUp Remote Arbitrary Code Execution Vulnerability

CNET Catchup is a highly customizable utility for retrieving software updates for various products. It runs on Microsoft Windows 9x/ME/NT/2000/XP platforms.

A vulnerability has been discovered that may allow a remote attacker to execute arbitrary code on the host running CNET Catchup. Additionally, it may be possible for an attacker to remotely start the CNET Catchup utility.

Successful exploitation of this issue may result in a full compromise of the host running the vulnerable software.