Multiple remote vulnerabilities reportedly affect KaZaA’s Sig2Dat protocol functionality. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in critical actions.

An attacker may leverage these issues to cause the affected application to crash, denying service to legitimate users, and to create files in arbitrary directories that are readable to the affected application.

Affected versions:
KaZaA KaZaA Media Desktop 2.0
KaZaA KaZaA Media Desktop 2.0.2
KaZaA KaZaA Media Desktop 2.6.4
KaZaA KaZaA Media Desktop 3.0
KaZaA Lite KaZaA Lite 1.7.2
KaZaA Lite KaZaA Lite 2.0
KaZaA Lite KaZaA Lite 2.0.2

Workaround:
The following workaround reportedly disables the affected protocol handler. This will reduce the likelihood of exploitation, however it will also disable any functions that rely on this protocol being handled. It should be noted that this workaround has not been verified by Symantec. Assign the following value to the following registry key:

[HKEY_CLASSES_ROOT\sig2dat\shell\open\command]
@=""


Tri Synergy, a leading publisher of utility, entertainment, and reference software, has entered into a strategic partnership with Lavasoft , the industry leader in the field of anti-spyware solutions. Tri Synergy will publish Ad-Aware Plus program and will be available at retail outlets across North America.

Ad-Aware software has dominated the anti-spyware market via the Internet, where more than 100 million copies of Ad-Aware versions have been utilized by home and corporate users worldwide in the past six months.

Ad-Aware Plus will be available at all major retailers in 1st Quarter 2005.