GetRight DUNZIP32.dll Skin File Processing Overflow

2004-12-07T06:53:56
ID OSVDB:12252
Type osvdb
Reporter ATmaCA (atmaca@prohack.net)
Modified 2004-12-07T06:53:56

Description

Vulnerability Description

A remote overflow exists in GetRight. The DUNZIP32.dll library used by GetRight fails to properly check skin files, resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code, resulting in a loss of integrity.

Solution Description

Upgrade to version 5.2b or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/c_skin.grs

References:

Vendor URL: http://www.getright.com/
Security Tracker: 1012430
Secunia Advisory ID: 13391
Other Advisory URL: http://www.getright.com/new52.html
ISS X-Force ID: 18381
CVE-2004-0575