Kazaa Security Issue
Wednesday, March 19, 2003 (08:40:24)

Posted by watts

A vulnerability has been discovered in KaZaA related to the displaying of advertisements. It has been reported that KaZaA advertisements [provided by Cydoor] are rendered in the MSIE local zone. This presents a security risk as it is possible for malicious advertisement content to execute arbitrary commands on client systems. This issue may also be exploited to disclose the contents of system files.

This may allow unknown and untrusted remote content to compromise a users system.

Workaround:


The following workaround has been suggested by David Krum: [It would be easier to just use Kazaalite than to follow this workaround. Same result, less risk]

Remove the permissions from the %windir%AdCache directory or %windir%system32AdCache. This will also cause KaZaA to show no advertisements at all.

You can get KazaaLite here

If you don't already use Kazaa Lite, then remove Kazaa now install Kazaa Lite. You're just asking for trouble otherwise.