CNET Catchup Software Update Utility Lets Remote Users Execute Arbitrary Code on Another User's Computer - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > CNET CatchUp

CNET Catchup Software Update Utility Lets Remote Users Execute Arbitrary Code on Another User's Computer

SecurityTracker Alert ID: 1003397

SecurityTracker URL: http://securitytracker.com/id/1003397

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Updated: Feb 22 2002

Original Entry Date: Jan 30 2002

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 1.30 and prior versions

Description: Newsbytes reported a vulnerability in CNet Catchup, a Windows-based software update utility. A remote user could execute arbitrary code on the system running CNet Catchup.

It is reported that a remote user can cause Catchup to be launched on another user's system and arbitrary code to be executed. No futher details were provided.

See the original Newsbytes article at:

http://www.newsbytes.com/news/02/173906.html

Impact: A remote user can execute arbitrary code on another user's computer with the privileges of the user currently logged in.

Solution: The vendor has released a fix (1.31), available at:

http://download.cnet.com/downloads/0-10106-100-8581683.html

Or, users of older versions can apparently protect against attacks by deselecting the "Start scan on execute" option in the program's launch settings. The options menu can reportedly be accessed by clicking the "Abort" button during an update scan.

Vendor URL: www.cnet.com (Links to External Site)

Cause: Not specified

Underlying OS: Windows (Any)

Message History: None.

Source Message Contents

Date: Wed, 30 Jan 2002 11:04:39 -0500
Subject: Software Tool From CNet Opens Security Hole [Newsbytes]


Newsbytes reported a vulnerability in CNet Catchup, a Windows-based
software update utility.  A remote user could execute arbitrary code on
the system running CNet Catchup.

It is reported that a remote user can cause Catchup to be launched on
another user's system and arbitrary code to be executed.

The vendor has released a fix (1.31), available at:

http://download.cnet.com/downloads/0-10106-100-8581683.html

Or, users of older versions can apparently protect against attacks by
deselecting the "Start scan on execute" option in the program's launch 
settings.  The options menu can reportedly be accessed by clicking the
"Abort" button during an update scan.

See the original Newsbytes article at:

http://www.newsbytes.com/news/02/173906.html

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC