Info

Disclosure

Jul 11, 2002

Discovery

Unknown

Dates

Exploit

Jul 11, 2002

Solution

Unknown

Description

Popcorn contains a flaw that may allow a remote denial of service. The issue is triggered when an attackers sends the victim an email with a date containing a year greater than 2037 resulting in loss of availability for Popcorn.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.24 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Ultrafunk	Popcorn	1.20
		1.15
		1.10
		1.04
		1.02
		1.01
		1.00

References

Security Tracker: 1004753
CVE ID: 2002-1045 (see also: NVD)
Bugtraq ID: 5212
ISS X-Force ID: 9547
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html
Vendor URL: http://www.ultrafunk.com
Vendor Specific Solution URL: http://www.ultrafunk.com/products/popcorn/
http://www.ultrafunk.com/products/popcorn/changelog_old.shtml

Credit

Luigi Auriemma - aluigialtervista.org - http://aluigi.altervista.org

Direct URL: http://osvdb.org/36218