Vulnerability

Filo

Affected

i-drive Filo (tm) software

Description

The following is based on an Internet Security Systems Security Advisory. Internet Security Systems (ISS) X-Force has discovered a vulnerability in the i-drive Filo software. i-drive.com provides web storage services for over 1.5 million users. The browser-based tool, Filo, allows users to clip and save any web page to their i-drive account. Filo is designed for saving important pages found on the web such as investment research, travel confirmations, and e-commerce receipts.

Filo file version 1.0.0.1 for Windows NT (SP5) is affected.

When the Filo software is installed, the setup program also installs an HTTP proxy server. An attacker can send the proxy server an overly long HTTP GET request, overflowing a heap buffer in the Filo server software. This vulnerability allows an attacker to remotely execute arbitrary code.

Solution

i-drive recommends upgrading to Filo 1.5.3. This version is available for download at:

http://www.idrive.com/site/download/WinFiloInstaller.exe
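
The advisory says only that an overly long GET request overflows a heap buffer in the proxy. As an added example (not i-drive's or ISS's code), this sketch shows how a proxy can measure the request target and reject an over-long one before anything is copied to the heap. The names `parse_get_line`, `MAX_TARGET_LEN` and the status enum are hypothetical, and the 2048-byte cap is an assumption.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this example; the advisory does not give Filo's buffer size. */
#define MAX_TARGET_LEN 2048

enum parse_status { PARSE_OK = 200, PARSE_BAD_REQUEST = 400,
                    PARSE_URI_TOO_LONG = 414, PARSE_NO_MEMORY = 500 };

/* Parse "GET <target> HTTP/x.y" from `len` received bytes. The input is
 * untrusted and not assumed to be NUL-terminated: every scan is bounded by
 * `len`, and the target is measured before anything is allocated or copied.
 * On PARSE_OK, *target_out is a heap copy the caller must free(). */
enum parse_status parse_get_line(const char *req, size_t len, char **target_out)
{
    static const char method[] = "GET ";
    const size_t mlen = sizeof(method) - 1;

    *target_out = NULL;
    if (len < mlen || memcmp(req, method, mlen) != 0)
        return PARSE_BAD_REQUEST;

    const char *start = req + mlen;
    size_t remaining = len - mlen;
    const char *sp = memchr(start, ' ', remaining);
    size_t tlen = sp ? (size_t)(sp - start) : remaining;

    if (tlen > MAX_TARGET_LEN)          /* over-long: refuse, never truncate */
        return PARSE_URI_TOO_LONG;
    if (sp == NULL || tlen == 0)
        return PARSE_BAD_REQUEST;
    for (size_t i = 0; i < tlen; i++)   /* no NUL, CR, LF or other controls */
        if ((unsigned char)start[i] < 0x21 || start[i] == 0x7f)
            return PARSE_BAD_REQUEST;
    if (remaining - tlen - 1 < 5 || memcmp(sp + 1, "HTTP/", 5) != 0)
        return PARSE_BAD_REQUEST;

    char *copy = malloc(tlen + 1);      /* sized from the checked length */
    if (copy == NULL)
        return PARSE_NO_MEMORY;
    memcpy(copy, start, tlen);
    copy[tlen] = '\0';
    *target_out = copy;
    return PARSE_OK;
}
```

The allocation is sized from the length that was just checked, so the copy cannot exceed the buffer, and a request with no terminating space is rejected by size instead of being scanned past the received bytes.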