Verity KeyView Viewer SDK kvarcve.dll Compressed File Pathname Generation Overflow

2006-02-10T09:47:53
ID OSVDB:23064
Type osvdb
Reporter Tan Chew Keong(vuln@secunia.com)
Modified 2006-02-10T09:47:53

Description

Vulnerability Description

A remote overflow exists in Verity KeyView Viewer SDK. 'kvarcve.dll' fails to perform bounds checking when constructing the full pathname of a compressed file before extracting it from a ZIP archive, resulting in a stack based overflow. With a specially crafted ZIP archive, an attacker can cause arbitrary code execution when a compressed file with a long filename is extracted from within an application using the vulnerable viewer, resulting in a loss of integrity.

Solution Description

Upgrade to version 8.2, 9.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in Verity KeyView Viewer SDK. 'kvarcve.dll' fails to perform bounds checking when constructing the full pathname of a compressed file before extracting it from a ZIP archive, resulting in a stack based overflow. With a specially crafted ZIP archive, an attacker can cause arbitrary code execution when a compressed file with a long filename is extracted from within an application using the vulnerable viewer, resulting in a loss of integrity.

References:

Vendor URL: http://www.verity.com/products/oem/keyview/features/keyview_viewing_sdk.html Vendor URL: http://www.verity.com/products/oem_solutions/keyview/ Vendor Specific Advisory URL Security Tracker: 1015657 Secunia Advisory ID:16100 Secunia Advisory ID:16280 Related OSVDB ID: 23066 Related OSVDB ID: 23065 Related OSVDB ID: 23067 Related OSVDB ID: 23068 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0192.html FrSIRT Advisory: ADV-2006-0500 CVE-2005-2618 CERT VU: 884076