lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20100401053233.70925f622d1eb50bf97afb0dbb43486a.61aa3f66ba.wbe@email06.secureserver.net>
Date: Thu, 01 Apr 2010 05:32:33 -0700
From: tecr0c@...ninja.net
To: full-disclosure@...ts.grok.org.uk, secalert@...urityreason.com,
	vuln@...unia.com
Subject: Advisory Optimal Archive 1.38

Advisory : CORELAN-10-017

Disclosure date : 31/3/2010

 

1 : Vulnerability information

 Product : Optimal Archive

 Version : 1.38

 Vendor :  Optimal Access

 URL : http://www.optimalaccess.com/en/product_archive.htm

 Platform : Windows

 Type of vulnerability : Stack overflow

 Risk rating : Medium

 Issue fixed in version : <unpatched>

 Vulnerability discovered by : TecR0c

 

 

2 : Vendor description of software

"Optimal Archive is a stand alone program which lets you view the
structure of your zip-file in the explorer tree – launch applications
from inside the zip file, and drag and drop files from and to the zip
file with ease.

However when you use Optimal Archive inside of Optimal Desktop all your
folders
are accessible from one tree, and you can use Optimal Desktops tabs to
point to
any folder inside of your zipped files"

 

3 : Vulnerability details

A specially crafted zip file will cause a stack based buffer overflow in
explorer.exe

 

4 : Vendor communication

 March 21, 2010 – Initial vendor contact

 March 29, 2010 – Reminder to vendor

 March 31, 2010 – No contact from vendor whatsoever

 March 31, 2010 – Public disclosure

 

5 : Exploit/PoC
http://www.tecninja.net/exploits/optimal.py.txt

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ