[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [CORELAN-10-032] - Easyzip 2000 .zip Stack BOF

To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] [CORELAN-10-032] - Easyzip 2000 .zip Stack BOF
From: Peter Van Eeckhoutte <peter.ve@xxxxxxxxxx>
Date: Sun, 25 Apr 2010 10:07:00 +0200

|------------------------------------------------------------------|
|                         __               __                      |
|   _________  ________  / /___ _____     / /____  ____ _____ ___  |
|  / ___/ __ \/ ___/ _ \/ / __ `/ __ \   / __/ _ \/ __ `/ __ `__ \ |
| / /__/ /_/ / /  /  __/ / /_/ / / / /  / /_/  __/ /_/ / / / / / / |
| \___/\____/_/   \___/_/\__,_/_/ /_/   \__/\___/\__,_/_/ /_/ /_/  |
|                                                                  |
|                                       http://www.corelan.be:8800 |
|                                              security@xxxxxxxxxx |
|                                                                  |
|-------------------------------------------------[ EIP Hunters ]--|
|                                                                  |
|                 Vulnerability Disclosure Report                  |
|                                                                  |
|------------------------------------------------------------------|

Advisory : CORELAN-10-032
Disclosure date : 21st Apr 2010
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-032


0x00 : Vulnerability information

 [+] Product : Easyzip 2000
 [+] Version : 3.5
 [+] Vendor : http://www.thefreesite.com/
 [+] URL : http://www.thefreesite.com/ezip35.exe
 [+] Type of vulnerability : Local Buffer Overflow
 [+] Risk rating : High
 [+] Issue fixed in version : none
 [+] Vulnerability discovered by : mr_me
 [+] Greetings to : The Corelan Security Team 
(http://www.corelan.be:8800/index.php/security/corelan-team-members/)



0x01 : Vendor description of software

>From the vendor website:

This freeware utility is a powerful, easy-to-use FREE zip and unzip utility.
It offers all the features you'd find in the commercial compression programs.



0x02 : Vulnerability details
Local Stack Overflow:

When the application receives a malicious '.zip' file it fails to properly 
sanitize the 'filename' section on the zip resulting in a stack based buffer 
overflow.


0x03 : Vendor communication

 [*] 8th Apr, 2010 : Vendor contacted
 [*] 18th Apr, 2010 : Vendor reminded of vulnerability
 [*] 25th Apr, 2010 : No response
 [*] 25th Apr, 2010 : Public Disclosure



0x04 : Exploit/PoC

http://www.corelan.be:8800/advisories.php?id=CORELAN-10-032

This transmission is intended only for use by the intended recipient(s).  If 
you are not an intended recipient you should not read, disclose, copy, 
circulate or in any other way use the information contained in this 
transmission.  The information contained in this transmission may be 
confidential and/or privileged.  If you have received this transmission in 
error, please notify the sender immediately and delete this transmission 
including any attachments.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] t2'10: Call for Papers 2010 (Helsinki / Finland)
Next by Date: Re: [Full-disclosure] Compliance Is Wasted Money, Study Finds
Previous by thread: [Full-disclosure] [CORELAN-10-032] - Easyzip 2000 .zip Stack BOF
Next by thread: [Full-disclosure] [CORELAN-10-032] - Easyzip 2000 .zip Stack BOF
Index(es):
- Date
- Thread