Full Disclosure mailing list archives
[CORELAN-10-032] - Easyzip 2000 .zip Stack BOF
From: Peter Van Eeckhoutte <peter.ve () corelan be>
Date: Sun, 25 Apr 2010 10:07:00 +0200
|------------------------------------------------------------------| | __ __ | | _________ ________ / /___ _____ / /____ ____ _____ ___ | | / ___/ __ \/ ___/ _ \/ / __ `/ __ \ / __/ _ \/ __ `/ __ `__ \ | | / /__/ /_/ / / / __/ / /_/ / / / / / /_/ __/ /_/ / / / / / / | | \___/\____/_/ \___/_/\__,_/_/ /_/ \__/\___/\__,_/_/ /_/ /_/ | | | | http://www.corelan.be:8800 | | security () corelan be | | | |-------------------------------------------------[ EIP Hunters ]--| | | | Vulnerability Disclosure Report | | | |------------------------------------------------------------------| Advisory : CORELAN-10-032 Disclosure date : 21st Apr 2010 http://www.corelan.be:8800/advisories.php?id=CORELAN-10-032 0x00 : Vulnerability information [+] Product : Easyzip 2000 [+] Version : 3.5 [+] Vendor : http://www.thefreesite.com/ [+] URL : http://www.thefreesite.com/ezip35.exe [+] Type of vulnerability : Local Buffer Overflow [+] Risk rating : High [+] Issue fixed in version : none [+] Vulnerability discovered by : mr_me [+] Greetings to : The Corelan Security Team (http://www.corelan.be:8800/index.php/security/corelan-team-members/) 0x01 : Vendor description of software
From the vendor website:
This freeware utility is a powerful, easy-to-use FREE zip and unzip utility. It offers all the features you'd find in the commercial compression programs. 0x02 : Vulnerability details Local Stack Overflow: When the application receives a malicious '.zip' file it fails to properly sanitize the 'filename' section on the zip resulting in a stack based buffer overflow. 0x03 : Vendor communication [*] 8th Apr, 2010 : Vendor contacted [*] 18th Apr, 2010 : Vendor reminded of vulnerability [*] 25th Apr, 2010 : No response [*] 25th Apr, 2010 : Public Disclosure 0x04 : Exploit/PoC http://www.corelan.be:8800/advisories.php?id=CORELAN-10-032 This transmission is intended only for use by the intended recipient(s). If you are not an intended recipient you should not read, disclose, copy, circulate or in any other way use the information contained in this transmission. The information contained in this transmission may be confidential and/or privileged. If you have received this transmission in error, please notify the sender immediately and delete this transmission including any attachments. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [CORELAN-10-032] - Easyzip 2000 .zip Stack BOF Security (Apr 25)
- <Possible follow-ups>
- [CORELAN-10-032] - Easyzip 2000 .zip Stack BOF Peter Van Eeckhoutte (Apr 25)
- [CORELAN-10-032] - Easyzip 2000 .zip Stack BOF jeff smith (Apr 26)
- Re: [CORELAN-10-032] - Easyzip 2000 .zip Stack BOF Benji (Apr 26)