WinZip zipandemail Long File Name Overflow

2004-04-08T23:10:38
ID OSVDB:5639
Type osvdb
Reporter OSVDB
Modified 2004-04-08T23:10:38

Description

Vulnerability Description

A buffer overflow exists in WinZip. The zipandemail function fails to handle long file names, resulting in a buffer overflow. With a specially crafted filename, an attacker can cause arbitrary code to be executed, resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.


References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-02/0520.html
ISS X-Force ID: 6191
Generic Exploit URL: http://www.securiteam.com/exploits/5HP022KG0S.html
CVE-2001-0449