ZipGenius ZIP Archive Filename Overflow

2005-10-21T10:41:30
ID OSVDB:20157
Type osvdb
Reporter Tan Chew Keong(vuln@secunia.com)
Modified 2005-10-21T10:41:30

Description

Vulnerability Description

A remote overflow exists in ZipGenius. "zipgenius.exe", "zg.exe", "zgtips.dll", and "contmenu.dll" fail to perform proper bounds checking, resulting in a stack-based buffer overflow. With a specially crafted ZIP archive containing a compressed file with an overly long filename, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Upgrade to version 6.0.2.1050 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in ZipGenius. "zipgenius.exe", "zg.exe", "zgtips.dll", and "contmenu.dll" fail to perform proper bounds checking, resulting in a stack-based buffer overflow. With a specially crafted ZIP archive containing a compressed file with an overly long filename, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.zipgenius.it/ Vendor Specific Advisory URL Security Tracker: 1015090 Secunia Advisory ID:17061 Related OSVDB ID: 20159 Related OSVDB ID: 20158 Other Advisory URL: http://secunia.com/secunia_research/2005-54/advisory/ Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0464.html CVE-2005-3317 Bugtraq ID: 15161