iMesh May Run Arbitrary Code
Reported June 29 by
Blue Panda

VERSIONS EFFECTED
Windows 9x

DESCRIPTION

iMesh is a service that enables people to locate and share files.
According to a report from a person using the pseudonym Blue Panda, iMesh 1.02, builds 116 and 177, are vulnerable to a buffer overflow that may execute arbitrary code.

Upon connecting to a given server, iMesh listens on a variable TCP port. An intruder could connect to that arbitrary port and then instigate a buffer overrun to execute on the remote machine.

VENDOR RESPONSE

According to the discoverer, iMesh is aware of the issue and will provide a fix in the next release of their product.

CREDITS
Discovered and reported by Blue Panda