Full Disclosure mailing list archives
[SECURITY] Zip Unzip v6 (.zip) 0day stack buffer overflow vulnerability
From: Steven Seeley <seeleymagic () hotmail com>
Date: Sat, 3 Apr 2010 11:33:01 +1000
http://www.corelan.be:8800
security () corelan be
[ EIP Hunters ]

Vulnerability Disclosure Report

Advisory : CORELAN-10-019
Disclosure date : 3rd Apr 2010

0x00 : Vulnerability information
--------------------------------
[*] Product : zip-unzip
[*] Version : 6.x
[*] Vendor : http://www.microviet.com/
[*] URL : http://www.microviet.com/free/zipunzip.EXE
[*] Type of vulnerability : Local Stack Overflow
[*] Risk rating : High
[*] Issue fixed in version : none
[*] Vulnerability discovered by : mr_me
[*] Greetings to : The Corelan Security Team (http://www.corelan.be:8800/index.php/security/corelan-team-members/)

0x01 : Vendor description of software
-------------------------------------
From the vendor website:
No description

0x02 : Vulnerability details
----------------------------
Local Stack Overflow: When the application receives a malicious .zip file it can cause a buffer overflow in the 'filename' buffer of the application, resulting in code execution in the context of the currently logged in user.

0x03 : Vendor communication
---------------------------
[*] 23rd Mar, 2010 : Vendor contacted
[*] 30th Mar, 2010 : Vendor reminded of vulnerability
[*] 3rd Apr, 2010 : No contact
[*] 3rd Apr, 2010 : Public Disclosure

0x04 : Exploit/PoC
------------------
http://net-ninja.net/blog/media/blogs/b/exploits/zipunzip.php.txt

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
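A pre-extraction check for the condition described in section 0x02, as an added example that is not part of the original advisory or Corelan's code: it reads the filename-length fields from a ZIP's central and local headers and reports entries over a limit, without extracting anything. The 260-byte limit (Windows MAX_PATH) and the names `long_names` and `sample_zip` are assumptions; the advisory does not state the size of the buffer.

```python
import io
import struct
import zipfile

MAX_NAME_LEN = 260  # assumed policy limit (Windows MAX_PATH); not from the advisory


def long_names(data: bytes, limit: int = MAX_NAME_LEN):
    """List (declared_length, name_prefix) for entries whose filename-length
    field, in the central or the local header, exceeds `limit`."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("no end-of-central-directory record")
    # EOCD fields at offset 10: total entries, central directory size and offset
    total, _, pos = struct.unpack_from("<HII", data, eocd + 10)
    findings = []
    for _ in range(total):
        if pos + 46 > len(data) or data[pos:pos + 4] != b"PK\x01\x02":
            raise ValueError("malformed central directory header")
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        (local_off,) = struct.unpack_from("<I", data, pos + 42)
        local_len = 0
        # The local header carries its own length field, which a parser may trust instead
        if local_off + 30 <= len(data) and data[local_off:local_off + 4] == b"PK\x03\x04":
            (local_len,) = struct.unpack_from("<H", data, local_off + 26)
        declared = max(name_len, local_len)
        if declared > limit:
            prefix = data[pos + 46:pos + 46 + min(name_len, 32)].decode("cp437", "replace")
            findings.append((declared, prefix))
        pos += 46 + name_len + extra_len + comment_len
    return findings


def sample_zip(names):
    """Build a constructed in-memory archive with empty members (test input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"")
    return buf.getvalue()


if __name__ == "__main__":
    archive = sample_zip(["readme.txt", "docs/" + "x" * 300 + ".txt"])
    for length, prefix in long_names(archive):
        print(f"reject: filename field of {length} bytes, starts {prefix!r}")
```
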