Full Disclosure mailing list archives
[SECURITY] - Jzip (.zip) Unicode bof Vulnerability
From: Steven Seeley <seeleymagic () hotmail com>
Date: Tue, 6 Apr 2010 22:11:50 +1000
|------------------------------------------------------------------|
|                   http://www.corelan.be:8800                     |
|                   security () corelan be                         |
|-------------------------------------------------[ EIP Hunters ]--|

Advisory : CORELAN-10-021
Disclosure date : 6th Apr 2010

0x00 : Vulnerability information
--------------------------------

[*] Product : Jzip
[*] Version : 1.3
[*] Vendor : http://www.jzip.com/
[*] URL : http://download.jzip.com/jZipV1.exe
[*] Type of vulnerability : Local Stack Overflow
[*] Risk rating : Low
[*] Issue fixed in version : none
[*] Vulnerability discovered by : mr_me
[*] Greetings to : The Corelan Security Team (http://www.corelan.be:8800/index.php/security/corelan-team-members/)

0x01 : Vendor description of software
-------------------------------------

From the vendor website:
- Create, open and extract Zip, TAR, GZip and 7-Zip. Open and extract from RAR and ISO.
- jZip is absolutely FREE for everybody, home and enterprise users
- jZip is an easy to use and fast archiving software
- jZip is based on proven 7-Zip technology by Igor Pavlov

0x02 : Vulnerability details
----------------------------

Local Stack Overflow:
When the application receives a malicious .zip file it can cause a buffer overflow in the 'filename' buffer of the application, resulting in a denial of service. Code execution may still be possible.

0x03 : Vendor communication
---------------------------

[*] 27th Mar, 2010 : Vendor contacted
[*] 3rd Apr, 2010 : Vendor reminded of vulnerability
[*] 6th Apr, 2010 : No contact
[*] 6th Apr, 2010 : Public Disclosure

0x04 : Exploit/PoC
------------------

http://net-ninja.net/blog/media/blogs/b/exploits/jzip.php.txt

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/