Gadu-Gadu 6.0 - File Download Filename Obfuscation

EDB-ID:

24404




Platform:

Windows

Date:

2004-08-23


source: https://www.securityfocus.com/bid/11017/info

Gadu-Gadu is a Polish instant messaging application for Microsoft Windows operating systems.

It is reported that the Gadu-Gadu instant messenger application contains a weakness allowing attackers to obfuscate file extensions.

This may allow an attacker to send potentially malicious executable files to users who think that they are downloading files that are believed to be harmless. 

file.ext%20(220%20kB)%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20.exe