Advisory Optimal Archive 1.38

[tecr0c () tecninja net]

Advisory : CORELAN-10-017

Disclosure date : 31/3/2010

 

1 : Vulnerability information

 Product : Optimal Archive

 Version : 1.38

 Vendor :  Optimal Access

 URL : http://www.optimalaccess.com/en/product_archive.htm

 Platform : Windows

 Type of vulnerability : Stack overflow

 Risk rating : Medium

 Issue fixed in version : <unpatched>

 Vulnerability discovered by : TecR0c

 

 

2 : Vendor description of software

"Optimal Archive is a stand alone program which lets you view the
structure of your zip-file in the explorer tree – launch applications
from inside the zip file, and drag and drop files from and to the zip
file with ease.

However when you use Optimal Archive inside of Optimal Desktop all your
folders
are accessible from one tree, and you can use Optimal Desktops tabs to
point to
any folder inside of your zipped files"

 

3 : Vulnerability details

A specially crafted zip file will cause a stack based buffer overflow in
explorer.exe

 

4 : Vendor communication

 March 21, 2010 – Initial vendor contact

 March 29, 2010 – Reminder to vendor

 March 31, 2010 – No contact from vendor whatsoever

 March 31, 2010 – Public disclosure

 

5 : Exploit/PoC
http://www.tecninja.net/exploits/optimal.py.txt

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/