Full Disclosure mailing list archives
[CORELAN-10-026] TweakFS Zip Stack BOF
From: Security <security () corelan be>
Date: Mon, 19 Apr 2010 13:54:25 +0200
Advisory : CORELAN-10-026 Disclosure date : April 19th, 2010 CVE Reference : CVE-2010-1458 http://www.corelan.be:8800/advisories.php?id=CORELAN-10-026 00 : Vulnerability information Product : TweakFS Zip Utility Version : 1.0 (latest version) Vendor : TweakFS URL : http://www.tweakfs.com/ Platform : Windows Type of vulnerability : Stack buffer overflow Risk rating : High Issue fixed in version : not fixed Vulnerability discovered by : TecR0c Corelan Team : http://www.corelan.be:8800/index.php/security/corelan-team-members/ 01 : Vendor description of software "Create and Extract Zips TweakFS Zip Utility for FSX was designed to be a useful tool for unpacking Zip files downloaded from FS file libraries without the need for an existing 3rd-party Zip application, but the big handy feature is that it has a tree display of the Zip folder structure giving you a clear view of how the files will unpack and into which location." 02 : Vulnerability details A flaw in how the application handles a overly long filename inside a zip file which an attacker can utilize in a manner other than the designer intended. This allows the attacker to run arbitrary-code execution on the victims machine when a specially crafted zip file has been open within the application. 03 : Author/Vendor communication April 7, 2010 : author contacted April 16, 2010 : sent reminder April 19th, 2010 : No response, public disclosure 04: Proof of Concept You can download a PoC exploit for XP SP3 from http://www.corelan.be:8800/advisories.php?id=CORELAN-10-026 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [CORELAN-10-026] TweakFS Zip Stack BOF Security (Apr 19)