VULHUB ™

MyGetright is a download manager for Windows. The program accepts custom "skins" from remote websites. A '.dld' file is used to specify paths to various resources, including graphics, file permissions, etc. If the maliciously-composed .dld file includes pathnames which contain long sequences of extraneous data, the program's user interface will freeze. If a filepath field in the .dld file specifies a file for download which already exists on the target system, this file will be overwritten. Because the UI has halted, no warning or prompt will be supplied to the user. If the filepath field includes /../ sequences, the overwritten file may reside anywhere on the host.

MyGetright is a download manager for Windows. The program accepts custom "skins" from remote websites. A '.dld' file is used to specify paths to various resources, including graphics, file permissions, etc. If the maliciously-composed .dld file includes pathnames which contain long sequences of extraneous data, the program's user interface will freeze. If a filepath field in the .dld file specifies a file for download which already exists on the target system, this file will be overwritten. Because the UI has halted, no warning or prompt will be supplied to the user. If the filepath field includes /../ sequences, the overwritten file may reside anywhere on the host.