AutoMate Buffer Overflow in 'unacev2.dll' Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1016257
|
|
SecurityTracker URL: http://securitytracker.com/id?1016257
|
|
CVE Reference: CVE-2005-2856
(Links to External Site)
|
Date: Jun 9 2006
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
|
Advisory: Secunia Research
|
Version(s): 6.1.0.0; possibly other versions
|
Description: A vulnerability was reported in AutoMate. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create an ACE archive containing a file with a specially crafted filename. When the target user schedules a task
to extract the archive and the task subsequently executes, a buffer overflow will occur and arbitrary code will be executed on the
target system.
The buffer overflow resides in 'UNACEV2.DLL'.
The vendor was notified on May 2, 2006 and later dates.
Secunia
Research discovered these vulnerabilities.
|
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution: According to the report, the vendor may have released a fix on 2006-05-29.
|
Vendor URL: www.networkautomation.com/automate/automate6/ (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Windows (Any)
|
Reported By: Secunia Research <remove-vuln@secunia.com>
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 09 Jun 2006 09:31:44 +0200
From: Secunia Research <remove-vuln@secunia.com>
Subject: [Full-disclosure] Secunia Research: AutoMate unacev2.dll Buffer
|
======================================================================
Secunia Research 07/06/2006
- AutoMate unacev2.dll Buffer Overflow Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9
======================================================================
1) Affected Software
* AutoMate version 6.1.0.0
Other versions may also be affected.
======================================================================
2) Severity
Rating: Less Critical
Impact: System Access
Where: Remote
======================================================================
3) Description of Vulnerability
Secunia Research has discovered a vulnerability in AutoMate, which
can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in UNACEV2.DLL
when extracting an ACE archive containing a file with an overly long
filename. This can be exploited to cause a stack-based buffer overflow
when a user extracts a specially crafted ACE archive.
The vulnerability is related to:
SA16479
Successful exploitation requires that the user is e.g. tricked into
scheduling a task to extract a malicious ACE archive.
======================================================================
4) Solution
The vendor reportedly released a fix on 2006-05-29.
Do not extract untrusted ACE archives.
======================================================================
5) Time Table
02/05/2006 - Initial vendor notification.
09/05/2006 - Initial vendor reply.
16/05/2006 - Vendor reminder.
16/05/2006 - Vendor reply.
30/05/2006 - Vendor reminder.
07/06/2006 - Public disclosure. (No reply from vendor)
======================================================================
6) Credits
Discovered by Secunia Research.
======================================================================
7) References
SA16479:
http://secunia.com/advisories/16479/
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2005-2856 for the vulnerability.
======================================================================
8) About Secunia
Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:
http://secunia.com/
Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/secunia_security_advisories/
======================================================================
9) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2006-38/advisory/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
|
|
