---------------------------------------------------------------------- Are you missing: SECUNIA ADVISORY ID: Critical: Impact: Where: within the advisory below? This is now part of the Secunia commercial solutions. Click here to learn more about our commercial solutions: http://secunia.com/advisories/business_solutions/ Click here to trial our solutions: http://secunia.com/advisories/try_vi/ ---------------------------------------------------------------------- TITLE: aMule Video Preview Arbitrary Parameter Injection Security Issue SECUNIA ADVISORY ID: SA34839 VERIFY ADVISORY: http://secunia.com/advisories/34839/ DESCRIPTION: A security issue has been reported in aMule, which can be exploited by malicious people to manipulate certain data. The security issue is caused due to the application improperly sanitising the file name of a previewed video file. This can be exploited to pass arbitrary arguments to the configured media player by tricking a user into downloading and previewing a file containing e.g. single quote characters. The security issue is reported in version 2.2.4. Other versions may also be affected. SOLUTION: Do not preview untrusted video files. PROVIDED AND/OR DISCOVERED BY: Reported in a Debian bug report by Sam Hocevar. ORIGINAL ADVISORY: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525078 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------