Vulners
Lucene search
FuzeZip 1.0 SEH Buffer Overflow Vulnerability
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | CVE-2013-5656 | 7 Jan 202017:15 | – | attackerkb |
 | CVE-2013-5656 | 1 May 201300:00 | – | circl |
 | FuzeZip Buffer Overflow Vulnerability (CNVD-2020-02441) | 15 Jan 202000:00 | – | cnvd |
 | CVE-2013-5656 | 7 Jan 202016:35 | – | cve |
 | CVE-2013-5656 | 7 Jan 202016:35 | – | cvelist |
 | EUVD-2013-5495 | 7 Oct 202500:30 | – | euvd |
 | CVE-2013-5656 | 7 Jan 202017:15 | – | nvd |
 | Buffer overflow | 7 Jan 202017:15 | – | prion |
 | CVE-2013-5656 | 22 May 202511:24 | – | redhatcve |
Title: SEH BUFFER OVERFLOW IN FUZEZIP V.1.0
Severity: High
History: 16.Apr.2013 Vulnerability reported
Authors: Josep Pi Rodriguez, Pedro Guillen Nuñez , Miguel Angel de Castro Simon
Organization: RealPentesting
URL: http://www.realpentesting.blogspot.com
Product: FuzeZip
Version: 1.0.0.131625
Vendor: Koyote-Lab Inc
Url Vendor: http://fuzezip.com/
Platform: Windows
Type of vulnerability: SEH buffer overflow
Issue fixed in version: (Not fixed)
CVE identifier: CVE-2013-5656
[ DESCRIPTION SOFTWARE ]
From vendor website:
FuzeZip is a sophisticated, yet easy to use, free compression tool that is based on 7-Zip technology.
FuzeZip's software has a powerful compression engine that enables fast zipping and unzipping of Zip archives, as well as creating Zip-compatible files.
FuzeZip has a user-friendly interface that makes creating, opening, extracting and saving compressed files very easy to do.
[ VULNERABILITY DETAILS ]
FuzeZip suffers from a SEH based overflow and stack based overflow which is protected by stack cookies.
Above you can see the debugged process after the seh overflow:
Registers
---------
eax=00000041 ebx=00000000 ecx=00130000 edx=048d6798 esi=0012e434 edi=00000008
eip=004e8bf3 esp=0012dd10 ebp=0012dd48 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206
*** ERROR: Symbol file could not be found. Defaulted to export symbols for fuzeZip.exe -
fuzeZip!boost::archive::detail::iserializer<boost::archive::xml_wiarchive,std::list<std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> >,std::allocator<std::basic_string<wchar_t,std::char_traits<wchar_t>,std::allocator<wchar_t> > > > >::load_object_data+0x41113:
004e8bf3 668901 mov word ptr [ecx],ax ds:0023:00130000=6341
Seh chain
----------
0012de34: USER32!_except_handler3+0 (7e44048f)
CRT scope 0, func: USER32!UserCallWinProcCheckWow+155 (7e44ac6b)
0012dfbc: USER32!_except_handler3+0 (7e44048f)
CRT scope 0, func: USER32!UserCallWinProcCheckWow+155 (7e44ac6b)
0012e100: USER32!_except_handler3+0 (7e44048f)
CRT scope 0, func: USER32!UserCallWinProcCheckWow+155 (7e44ac6b)
0012e2ac: USER32!_except_handler3+0 (7e44048f)
CRT scope 0, func: USER32!UserCallWinProcCheckWow+155 (7e44ac6b)
0012ec1c: fuzeZip+10041 (00410041)
Invalid exception stack at 00410041
By opening a specially crafted zip file, it is possible to execute arbitrary code.We can sucesfully exploit the vulnerability in order to gain code execution and
bypassing SAFESEH.
[ VENDOR COMMUNICATION ]
16/04/2013 : vendor contacted
17/04/2013: automatic response from vendor but no reponse after
17/04/2013: vendor contacted again but no response
29/04/2013.- PUBLIC DISCLOSURE
# 0day.today [2018-02-17] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Sep 2013 00:00Current
7.8High risk
Vulners AI Score7.8
EPSS0.01524