PicoZip zipinfo.dll Multiple Archive Filename Processing Overflow

2006-06-14T04:34:07
ID OSVDB:26447
Type osvdb
Reporter Tan Chew Keong()
Modified 2006-06-14T04:34:07

Description

Vulnerability Description

A remote overflow exists in PicoZip. The 'zipinfo.dll' fails to get info of ACE, RAR, or ZIP archives containing a file with a long filename resulting in a stack-based overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

Solution Description

Upgrade to version 4.02 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in PicoZip. The 'zipinfo.dll' fails to get info of ACE, RAR, or ZIP archives containing a file with a long filename resulting in a stack-based overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

References:

Vendor URL: http://www.picozip.com/ Secunia Advisory ID:20481 Other Advisory URL: http://secunia.com/secunia_research/2006-42/advisory/ Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0286.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0333.html FrSIRT Advisory: ADV-2006-2330 CVE-2006-2909 Bugtraq ID: 18425