1/21/2005

Kazaa Sig2Dat Protocol Multiple Remote Vulnerabilities

Filed under: — Aviran Mordo @ 8:21 pm

Multiple remote vulnerabilities reportedly affect KaZaA’s Sig2Dat protocol functionality. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in critical actions.

An attacker may leverage these issues to cause the affected application to crash, denying service to legitimate users, and to create files in arbitrary directories that are readable to the affected application.

Affected versions:
KaZaA Media Desktop 2.0
KaZaA Media Desktop 2.0.2
KaZaA Media Desktop 2.6.4
KaZaA Media Desktop 3.0
KaZaA Lite 1.7.2
KaZaA Lite 2.0
KaZaA Lite 2.0.2

Workaround:
The following workaround reportedly disables the affected protocol handler. This will reduce the likelihood of exploitation; however, it will also disable any functions that rely on this protocol being handled. Note that this workaround has not been verified by Symantec. Set the default value (shown as "@") of the following registry key to an empty string:

[HKEY_CLASSES_ROOT\sig2dat\shell\open\command]
@=""
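
One way to apply and verify this workaround on a single machine, as an added PowerShell example that is not part of the original advisory. It assumes an elevated session for the machine-wide key, and the backup directory name is a hypothetical choice. HKEY_CLASSES_ROOT is a merged view of the machine-wide and per-user class registrations, so the script checks both.

```powershell
# Added example: audit, back up and disable the sig2dat protocol handler.
# HKEY_CLASSES_ROOT merges HKLM\SOFTWARE\Classes and HKCU\SOFTWARE\Classes,
# so a handler cleared in one location can still be active in the other.
$subKey = 'sig2dat\shell\open\command'
$roots  = @(
    'HKLM:\SOFTWARE\Classes',   # machine-wide registration (needs elevation to change)
    'HKCU:\SOFTWARE\Classes'    # current user's registration only
)

# Assumption: backups go to a folder under the user's temp directory.
$backupDir = Join-Path $env:TEMP 'sig2dat-backup'
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

foreach ($root in $roots) {
    $key = Join-Path $root $subKey

    if (-not (Test-Path -LiteralPath $key)) {
        Write-Output "$key : handler not registered"
        continue
    }

    # The .reg "@" entry is the key's default value.
    $current = (Get-ItemProperty -LiteralPath $key).'(default)'
    if ([string]::IsNullOrEmpty($current)) {
        Write-Output "$key : handler already disabled"
        continue
    }
    Write-Output "$key : handler active -> $current"

    # Export the key first so the original command can be restored.
    $regPath = $key -replace '^(HK\w\w):', '$1'
    $file    = Join-Path $backupDir (($root -replace '[:\\]', '_') + '.reg')
    reg.exe export $regPath $file /y | Out-Null

    # Apply the workaround: empty default value, as in the advisory.
    Set-ItemProperty -LiteralPath $key -Name '(default)' -Value ''

    # Read the value back to confirm the change took effect.
    $after = (Get-ItemProperty -LiteralPath $key).'(default)'
    if ([string]::IsNullOrEmpty($after)) {
        Write-Output "$key : handler disabled, backup at $file"
    } else {
        Write-Warning "$key : value still set, check permissions"
    }
}
```

Other user profiles on the same machine have their own per-user hive and are not covered by this run.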
