[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [CORELAN-10-032] - Easyzip 2000 .zip Stack BOF

To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] [CORELAN-10-032] - Easyzip 2000 .zip Stack BOF
From: Security <security@xxxxxxxxxx>
Date: Sun, 25 Apr 2010 10:28:31 +0200

|------------------------------------------------------------------|
|                         __               __                      |
|   _________  ________  / /___ _____     / /____  ____ _____ ___  |
|  / ___/ __ \/ ___/ _ \/ / __ `/ __ \   / __/ _ \/ __ `/ __ `__ \ |
| / /__/ /_/ / /  /  __/ / /_/ / / / /  / /_/  __/ /_/ / / / / / / |
| \___/\____/_/   \___/_/\__,_/_/ /_/   \__/\___/\__,_/_/ /_/ /_/  |
|                                                                  |
|                                       http://www.corelan.be:8800 |
|                                              security@xxxxxxxxxx |
|                                                                  |
|-------------------------------------------------[ EIP Hunters ]--|
|                                                                  |
|                 Vulnerability Disclosure Report                  |
|                                                                  |
|------------------------------------------------------------------|

Advisory : CORELAN-10-032
Disclosure date : 21st Apr 2010
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-032


0x00 : Vulnerability information

 [+] Product : Easyzip 2000
 [+] Version : 3.5
 [+] Vendor : http://www.thefreesite.com/
 [+] URL : http://www.thefreesite.com/ezip35.exe
 [+] Type of vulnerability : Local Buffer Overflow
 [+] Risk rating : High
 [+] Issue fixed in version : none
 [+] Vulnerability discovered by : mr_me
 [+] Greetings to : The Corelan Security Team 
(http://www.corelan.be:8800/index.php/security/corelan-team-members/)



0x01 : Vendor description of software

>From the vendor website:

This freeware utility is a powerful, easy-to-use FREE zip and unzip utility. 
It offers all the features you'd find in the commercial compression programs.



0x02 : Vulnerability details
Local Stack Overflow:

When the application receives a malicious '.zip' file it fails to properly 
sanitize the 'filename' section on the zip resulting in a stack based buffer 
overflow. 


0x03 : Vendor communication

 [*] 8th Apr, 2010 : Vendor contacted
 [*] 18th Apr, 2010 : Vendor reminded of vulnerability
 [*] 25th Apr, 2010 : No response
 [*] 25th Apr, 2010 : Public Disclosure



0x04 : Exploit/PoC

http://www.corelan.be:8800/advisories.php?id=CORELAN-10-032

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] HP System Management Homepage(SMH) | URL Redirection Abuse
Next by Date: [Full-disclosure] t2'10: Call for Papers 2010 (Helsinki / Finland)
Previous by thread: [Full-disclosure] HP System Management Homepage(SMH) | URL Redirection Abuse
Next by thread: [Full-disclosure] [CORELAN-10-032] - Easyzip 2000 .zip Stack BOF
Index(es):
- Date
- Thread