PartyPoker Client Update Remote Code Execution Vulnerability

The PartyPoker client is prone to a remote code-execution vulnerability because it fails to adequately verify the authenticity of update servers and the files obtained from the servers.

Attackers can exploit this issue by performing man-in-the-middle attacks to have the client download and execute a malicious file hosted on an attacker-controlled computer.

PartyPoker client build number 121/120 is vulnerable; other versions may also be affected.


 

Copyright 2010, SecurityFocus