what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New


Posted Jul 28, 2005
Authored by ATmaCA, Kozan | Site spyinstructors.com

Remote exploitation of a buffer overflow vulnerability in Ares FileShare 1.1 could allow execution of arbitrary code.

tags | advisory, remote, overflow, arbitrary
SHA-256 | 69900714ad4b60f7881d9946c2804a1e724d0a2b64a5262a37935655d22d926d


Change Mirror Download
Ares FileShare 1.1 'Long Searched String' Buffer Overflow Vulnerability


Ares Fileshare is one of the most popular P2P application around the world.
With Ares Fileshare you can connect to several established P2P-networks,
which will yield more search results with less effort. One of the beauties
with Ares Fileshare is that you don't have to share files in order to search
and download, in other words -- you'll be started within seconds.

More information can be found at the following link:


Remote and/or exploitation of a buffer overflow vulnerability in Ares FileShare
could allow execution of arbitrary code.

A specially crafted .conf file (ares.conf - configuration file of Ares FileShare)
containing long searched strings history information or entering a long string
for Search can cause Ares FileShare to overwrite stack space.

No checks are made on the length of data being copied, When a string data is longer
than 1065 bytes (1066 or longer), allowing the return address on the stack to be
overwritten (in UNICODE).


Successful exploitation allows remote and/or local attackers to execute arbitrary
code in the context of the target user that opened the malicious configuration file
or entering specially crafted search data.

After this when user starts Ares FileShare program and selects this malicious
entry from Search Listbox, buffer overflow occurs.

An example malicious ares.conf file is that contains long searc history data:

history = AAAAA.....[ A x 1065 bytes (where the EIP starts in UNICODE) ]AA...\r\n

The data that is written onto the stack is in the form: 0x00410041

41s in hexadecimal = 'A's are controlled by the input. While this
tends to make exploitation more difficult, it does not prevent it, as it
may be possible for an attacker to cause controlled data to be put into
a memory location matching the required format.


Ares FileShare 1.1 is vulnerable. Earlier versions strongly might be
vulnerable to this issue.


User awareness is the best method of defense against this class of
attack. Users must be wary when opening files from untrusted sources.

When possible, run client software, as regular user accounts with
limited access to system resources. This may limit the immediate
consequences of client-side vulnerabilities.

Discovered by Kozan
Credits to ATmaCA
Web: www.spyinstructors.com
Mail: kozan@spyinstructors.com
Login or Register to add favorites

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By