iMesh May Run Arbitrary Code
Reported June 29 by
Blue Panda

Windows 9x


iMesh is a service that enables people to locate and share files.
According to a report from a person using the pseudonym Blue Panda, iMesh 1.02, builds 116 and 177, are vulnerable to a buffer overflow that may execute arbitrary code.

Upon connecting to a given server, iMesh listens on a variable TCP port. An intruder could connect to that arbitrary port and then instigate a buffer overrun to execute on the remote machine.


According to the discoverer, iMesh is aware of the issue and will provide a fix in the next release of their product.

Discovered and reported by Blue Panda