Full Disclosure mailing list archives

CORELAN-10-025 Archive Searcher .zip Stack Overflow


From: Security <security () corelan be>
Date: Fri, 16 Apr 2010 08:20:23 +0200

Advisory : CORELAN-10-025
Disclosure date : April 16th, 2010
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-025

00 : Vulnerability information
 Product : Archive Searcher 2.1
 Version : 2.1 (latest version)
 Vendor : support () miniwish com/ miniwish.com
 URL : http://www.miniwish.com/
 Platform : Windows
 Type of vulnerability : Stack overflow
 Risk rating : High
 Issue fixed in version : not fixed
 Vulnerability discovered by : Lincoln
 Corelan Team :
 http://www.corelan.be:8800/index.php/security/corelan-team-members/

01 : Vendor description of software
From the vendor website:
"Archive Searcher© helps you finding out a file inside zip/ace/rar/cab compressed files" 

02 : Vulnerability details
When a specially crafted zip file is searched for by Archive Searcher, an exception
handler gets overwritten, allowing arbitrary code execution to be triggered.
No user intervention is required (except for searching for the file) to gain
code execution.

03 : Author/Vendor communication
 March 28th 2010 : author contacted
 April 7th 2010  : sent reminder
 April 15th 2010 : No response, public disclosure

04 : Proof-of-Concept
A PoC is available here : 
http://www.corelan.be:8800/wp-content/forum-file-uploads/ekse/public/exploits/archive_searcher.rb_.txt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

