|------------------------------------------------------------------| | __ __ | | _________ ________ / /___ _____ / /____ ____ _____ ___ | | / ___/ __ \/ ___/ _ \/ / __ `/ __ \ / __/ _ \/ __ `/ __ `__ \ | | / /__/ /_/ / / / __/ / /_/ / / / / / /_/ __/ /_/ / / / / / / | | \___/\____/_/ \___/_/\__,_/_/ /_/ \__/\___/\__,_/_/ /_/ /_/ | | | | http://www.corelan.be:8800 | | security@corelan.be | | | |-------------------------------------------------[ EIP Hunters ]--| | | | Vulnerability Disclosure Report | | | |------------------------------------------------------------------| Advisory : CORELAN-10-014 Disclosure date : 19/3/2010 0x00 : Vulnerability information -------------------------------- [*] Product : ZippHo [*] Version : 3.0.6 [*] Vendor : http://www.zippho.org/ [*] URL : http://www.brothersoft.com/zippho-71295.html [*] Platform : Windows [*] Type of vulnerability : Stack overflow [*] Risk rating : High [*] Issue fixed in version : [*] Vulnerability discovered by : mr_me [*] Corelan Team : http://www.corelan.be:8800/index.php/security/corelan-team-members/ 0x01 : Vendor description of software ------------------------------------- - 0x02 : Vulnerability details ---------------------------- A specially crafted zip file will cause a stack based buffer overflow 0x03 : Vendor communication --------------------------- [*] 6th Mar, 2010 - Initial vendor contact [*] 13th Mar, 2010 - Reminder to vendor [*] 19th Mar, 2010 - No contact from vendor whatsoever [*] 19th Mar, 2010 - Public disclosure 0x04 : Exploit/PoC ------------------ http://net-ninja.net/blog/media/blogs/b/exploits/zippHO-0day.py.txt