Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

[CORELAN-10-032] - Easyzip 2000 .zip Stack BOF

From: Security <security () corelan be>
Date: Sun, 25 Apr 2010 10:28:31 +0200

|------------------------------------------------------------------|
|                         __               __                      |
|   _________  ________  / /___ _____     / /____  ____ _____ ___  |
|  / ___/ __ \/ ___/ _ \/ / __ `/ __ \   / __/ _ \/ __ `/ __ `__ \ |
| / /__/ /_/ / /  /  __/ / /_/ / / / /  / /_/  __/ /_/ / / / / / / |
| \___/\____/_/   \___/_/\__,_/_/ /_/   \__/\___/\__,_/_/ /_/ /_/  |
|                                                                  |
|                                       http://www.corelan.be:8800 |
|                                              security () corelan be |
|                                                                  |
|-------------------------------------------------[ EIP Hunters ]--|
|                                                                  |
|                 Vulnerability Disclosure Report                  |
|                                                                  |
|------------------------------------------------------------------|

Advisory : CORELAN-10-032
Disclosure date : 21st Apr 2010
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-032


0x00 : Vulnerability information

 [+] Product : Easyzip 2000
 [+] Version : 3.5
 [+] Vendor : http://www.thefreesite.com/
 [+] URL : http://www.thefreesite.com/ezip35.exe
 [+] Type of vulnerability : Local Buffer Overflow
 [+] Risk rating : High
 [+] Issue fixed in version : none
 [+] Vulnerability discovered by : mr_me
 [+] Greetings to : The Corelan Security Team (http://www.corelan.be:8800/index.php/security/corelan-team-members/)



0x01 : Vendor description of software


From the vendor website:


This freeware utility is a powerful, easy-to-use FREE zip and unzip utility. 
It offers all the features you'd find in the commercial compression programs.



0x02 : Vulnerability details
Local Stack Overflow:

When the application receives a malicious '.zip' file it fails to properly sanitize the 'filename' section on the zip 
resulting in a stack based buffer overflow. 


0x03 : Vendor communication

 [*] 8th Apr, 2010 : Vendor contacted
 [*] 18th Apr, 2010 : Vendor reminded of vulnerability
 [*] 25th Apr, 2010 : No response
 [*] 25th Apr, 2010 : Public Disclosure



0x04 : Exploit/PoC

http://www.corelan.be:8800/advisories.php?id=CORELAN-10-032

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: