The vulnerability was found in the processing of OPML (Outline Processor Markup Language) file, which is an XML format for outlines used by RSS reader to store and manage RSS feeds. With OPML, users can easily share their RSS feed lists with others or export these lists to use in other RSS feed readers. However, FeedDemon does not handle this format well enough, which leads to buffer overflow flaw. More precisely, the error occurs when users import an OPML file, whose "outline" tag has a too long "text" attribute. FeedDemon, on parsing this file, will crash; and if malicious code is embedded into that file, it will be executed and give hackers system control. Exploitation can be carried out via a file stored on victims' computers or simply a link to such file. It is this factor that increases the threat of users' computers being attack remotely. Taking advantage of the above vulnerability, a hacker might prepare a malicious OPML file, and somehow trick users...
The vulnerability was found in the processing of OPML (Outline Processor Markup Language) file, which is an XML format for outlines used by RSS reader to store and manage RSS feeds. With OPML, users can easily share their RSS feed lists with others or export these lists to use in other RSS feed readers. However, FeedDemon does not handle this format well enough, which leads to buffer overflow flaw. More precisely, the error occurs when users import an OPML file, whose "outline" tag has a too long "text" attribute. FeedDemon, on parsing this file, will crash; and if malicious code is embedded into that file, it will be executed and give hackers system control. Exploitation can be carried out via a file stored on victims' computers or simply a link to such file. It is this factor that increases the threat of users' computers being attack remotely. Taking advantage of the above vulnerability, a hacker might prepare a malicious OPML file, and somehow trick users into importing it. He/she might send the file to users directly or send them a link to that file instead. Right after users have imported the file, malicious code will be executed and they will become hacker's victims. FeedDemon (version <= 2.7) Rating this vulnerability high severity, and due to the fact that the manufacturer hasn't released any official patch for it. Bkis recommends that users of FeedDemon should be careful when importing RSS feed lists from untrustworthy sources.
