COMMAND

    Filo

SYSTEMS AFFECTED

    i-drive Filo (tm) software

PROBLEM

    Following is based on Internet Security Systems Security Advisory.
    Internet  Security   Systems  (ISS)   X-Force  has   discovered  a
    vulnerability in the i-drive Filo software.  i-drive.com  provides
    web  storage   services  for   over  1.5   million  users.     The
    browser-based tool, Filo,  allows users to  clip and save  any web
    page  to  their  i-drive  account.   Filo  is  designed for saving
    important  pages  found  on  the  web such as investment research,
    travel confirmations, and e-commerce receipts.

    Filo file version 1.0.0.1 for Windows NT (SP5) is affected.

    When  the  Filo  software  is  installed,  the  setup program also
    installs an  HTTP proxy  server.   An attacker  can send the proxy
    server an overly long HTTP GET request, overflowing a heap  buffer
    in  the  Filo  server  software.   This  vulnerability  allows  an
    attacker to remotely execute arbitrary code.

SOLUTION

    i-drive  recommends  upgrading  to  Filo  1.5.3.   This version is
    available for download at:

        http://www.idrive.com/site/download/WinFiloInstaller.exe