7-Zip ARJ archive handling buffer overflow

Added: 06/09/2006
CVE: CVE-2005-3051
BID: 14925
OSVDB: 19639

Background

7-Zip is a free file archiver for Windows platforms.

Problem

A buffer overflow vulnerability in 7-Zip could allow code execution when a specially crafted ARJ file is opened.

Resolution

Upgrade to 7-Zip 4.27 beta or higher.

References

<http://secunia.com/secunia_research/2005-45/advisory/&gt;

Limitations

Exploit works on 7-Zip 4.23. Successful exploitation requires a user to download and open the exploit file in 7-Zip.

Execution of this exploit requires the Digest::CRC PERL module. On Linux systems this is typically found in a package named such as libdigest-crc-perl or perl-Digest-CRC.

Platforms

Windows