Full Disclosure mailing list archives
[CORELAN-10-032] - Easyzip 2000 .zip Stack BOF
From: Security <security () corelan be>
Date: Sun, 25 Apr 2010 10:28:31 +0200
|------------------------------------------------------------------|
| http://www.corelan.be:8800                                       |
| security () corelan be                                           |
|-------------------------------------------------[ EIP Hunters ]--|
| Vulnerability Disclosure Report                                  |
|------------------------------------------------------------------|

Advisory        : CORELAN-10-032
Disclosure date : 21st Apr 2010
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-032

0x00 : Vulnerability information

[+] Product : Easyzip 2000
[+] Version : 3.5
[+] Vendor : http://www.thefreesite.com/
[+] URL : http://www.thefreesite.com/ezip35.exe
[+] Type of vulnerability : Local Buffer Overflow
[+] Risk rating : High
[+] Issue fixed in version : none
[+] Vulnerability discovered by : mr_me
[+] Greetings to : The Corelan Security Team (http://www.corelan.be:8800/index.php/security/corelan-team-members/)

0x01 : Vendor description of software

From the vendor website:
This freeware utility is a powerful, easy-to-use FREE zip and unzip utility. It offers all the features you'd find in the commercial compression programs.

0x02 : Vulnerability details

Local Stack Overflow: When the application receives a malicious '.zip' file it fails to properly sanitize the 'filename' section on the zip resulting in a stack based buffer overflow.

0x03 : Vendor communication

[*] 8th Apr, 2010 : Vendor contacted
[*] 18th Apr, 2010 : Vendor reminded of vulnerability
[*] 25th Apr, 2010 : No response
[*] 25th Apr, 2010 : Public Disclosure

0x04 : Exploit/PoC

http://www.corelan.be:8800/advisories.php?id=CORELAN-10-032

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
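
A defensive pre-scan for the condition described in 0x02, added here as an example and not part of the Corelan advisory: it reads the declared filename length from every local and central directory header in a ZIP and flags names that exceed a limit or run past the end of the file. The 260-byte limit (Windows MAX_PATH) and the names `scan_zip_names` and `build_sample` are assumptions; the advisory does not state the length at which the overflow occurs.

```python
import io
import struct
import zipfile

# Assumed policy limit (not from the advisory): Windows MAX_PATH.
MAX_NAME = 260

# signature -> (record kind, offset of the 2-byte name length, fixed header size)
HEADERS = {
    b"PK\x03\x04": ("local", 26, 30),
    b"PK\x01\x02": ("central", 28, 46),
}

def scan_zip_names(data, limit=MAX_NAME):
    """Return (kind, offset, name_len, reason) for each header whose filename
    field is over-long or runs past the end of the data. Scanning raw bytes
    also catches local headers the central directory does not list; a
    signature inside compressed data can cause a false positive."""
    findings = []
    for sig, (kind, len_off, fixed) in HEADERS.items():
        pos = data.find(sig)
        while pos != -1:
            if pos + fixed <= len(data):
                (name_len,) = struct.unpack_from("<H", data, pos + len_off)
                if pos + fixed + name_len > len(data):
                    findings.append((kind, pos, name_len, "truncated"))
                elif name_len > limit:
                    findings.append((kind, pos, name_len, "too long"))
            pos = data.find(sig, pos + 4)
    return sorted(findings, key=lambda f: f[1])

def build_sample(name):
    """Constructed sample: a stored archive holding one tiny member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, b"hello")
    return buf.getvalue()

if __name__ == "__main__":
    for label, name in (("normal", "readme.txt"), ("long", "a" * 300 + ".txt")):
        print(label, scan_zip_names(build_sample(name)))
```

Running such a check at a mail or file gateway lets oversized names be quarantined before an archive reaches an unpatched client; the advisory lists no fixed version.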