| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 25 Apr 2010 10:07:00 +0200 From: Peter Van Eeckhoutte <peter.ve@...elan.be> To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: [CORELAN-10-032] - Easyzip 2000 .zip Stack BOF |------------------------------------------------------------------| | __ __ | | _________ ________ / /___ _____ / /____ ____ _____ ___ | | / ___/ __ \/ ___/ _ \/ / __ `/ __ \ / __/ _ \/ __ `/ __ `__ \ | | / /__/ /_/ / / / __/ / /_/ / / / / / /_/ __/ /_/ / / / / / / | | \___/\____/_/ \___/_/\__,_/_/ /_/ \__/\___/\__,_/_/ /_/ /_/ | | | | http://www.corelan.be:8800 | | security@...elan.be | | | |-------------------------------------------------[ EIP Hunters ]--| | | | Vulnerability Disclosure Report | | | |------------------------------------------------------------------| Advisory : CORELAN-10-032 Disclosure date : 21st Apr 2010 http://www.corelan.be:8800/advisories.php?id=CORELAN-10-032 0x00 : Vulnerability information [+] Product : Easyzip 2000 [+] Version : 3.5 [+] Vendor : http://www.thefreesite.com/ [+] URL : http://www.thefreesite.com/ezip35.exe [+] Type of vulnerability : Local Buffer Overflow [+] Risk rating : High [+] Issue fixed in version : none [+] Vulnerability discovered by : mr_me [+] Greetings to : The Corelan Security Team (http://www.corelan.be:8800/index.php/security/corelan-team-members/) 0x01 : Vendor description of software >>From the vendor website: This freeware utility is a powerful, easy-to-use FREE zip and unzip utility. It offers all the features you'd find in the commercial compression programs. 0x02 : Vulnerability details Local Stack Overflow: When the application receives a malicious '.zip' file it fails to properly sanitize the 'filename' section on the zip resulting in a stack based buffer overflow. 0x03 : Vendor communication [*] 8th Apr, 2010 : Vendor contacted [*] 18th Apr, 2010 : Vendor reminded of vulnerability [*] 25th Apr, 2010 : No response [*] 25th Apr, 2010 : Public Disclosure 0x04 : Exploit/PoC http://www.corelan.be:8800/advisories.php?id=CORELAN-10-032 This transmission is intended only for use by the intended recipient(s). If you are not an intended recipient you should not read, disclose, copy, circulate or in any other way use the information contained in this transmission. The information contained in this transmission may be confidential and/or privileged. If you have received this transmission in error, please notify the sender immediately and delete this transmission including any attachments. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists