Software Tool From CNet Opens Security Hole
Source: NewsBytes
CNet Catchup, a popular Windows software update utility, contains a security vulnerability that could enable a remote attacker to run malicious code on the user's computer.
According to CNet Networks' Catchup Dispatch newsletter, distributed Jan. 23, the vulnerability affects all previous versions of Catchup and allows an attacker "to launch Catchup and execute arbitrary code on a user's system."
The company has developed a patch that corrects the flaw. The fix is available by updating to Catchup version 1.31.
It was not immediately clear whether details about the vulnerability had been publicized or whether it was being exploited. According to the newsletter, CNet discovered the flaw. Company officials were not available for comment.
CNet Catchup is a free program that runs as a browser helper application. By visiting the Catchup site, users can scan their systems and identify available software updates and security fixes for a wide range of products.