Date: Fri, 16 Apr 2010 08:20:23 +0200
From: Security <security@...elan.be>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
	"secalert@...urityreason.com" <secalert@...urityreason.com>,
	"vuln@...unia.com" <vuln@...unia.com>
Subject: CORELAN-10-025 Archive Searcher .zip Stack Overflow

Advisory           : CORELAN-10-025
Disclosure date : April 16th, 2010
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-025

00 : Vulnerability information
 Product : Archive Searcher 2.1
 Version : 2.1 (latest version)
 Vendor : support@...iwish.com/ miniwish.com
 URL : http://www.miniwish.com/
 Platform : Windows
 Type of vulnerability : Stack overflow
 Risk rating : High
 Issue fixed in version : not fixed
 Vulnerability discovered by : Lincoln
 Corelan Team :
 http://www.corelan.be:8800/index.php/security/corelan-team-members/

01 : Vendor description of software
From the vendor website:
"Archive Searcher© helps you finding out a file inside zip/ace/rar/cab compressed files" 

02 : Vulnerability details
When Archive Searcher searches for a specially crafted zip file, an exception
handler gets overwritten, which allows an attacker to trigger arbitrary code
execution. No user intervention is required (other than searching for the file)
to gain code execution.

03 : Author/Vendor communication
 March 28th 2010 : author contacted
 April 7th 2010  : sent reminder
 April 15th 2010 : No response, public disclosure

04 : Proof of Concept
A PoC is available here : http://www.corelan.be:8800/wp-content/forum-file-uploads/ekse/public/exploits/archive_searcher.rb_.txt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/