PowerArchiver DZIPS32.DLL Zip File Addition Overflow

2006-07-25T10:33:54
ID OSVDB:27492
Type osvdb
Reporter Tan Chew Keong (vuln@secunia.com)
Modified 2006-07-25T10:33:54

Description

Vulnerability Description

A local overflow exists in PowerArchiver. PowerArchiver fails when adding a file with a long filename to a ZIP archive, resulting in a stack overflow. With a specially crafted archive containing a long filename, an attacker can execute arbitrary code, resulting in a loss of integrity and/or availability.

Solution Description

Upgrade to version 9.63 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.powerarchiver.com/
Security Tracker: 1016579
Secunia Advisory ID: 21199
Other Advisory URL: http://vuln.sg/powarc962-en.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0584.html
ISS X-Force ID: 27939
FrSIRT Advisory: ADV-2006-2971
CVE-2006-3985