Category:   Application (Generic)  >   ZipGenius
Vendors:   M.Dev Software
ZipGenius Buffer Overflows in Processing ACE and ZIP Archives and UUE Encoded Files Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1015090
SecurityTracker URL:  http://securitytracker.com/id/1015090
CVE Reference:   CVE-2005-3317
Updated:  Nov 2 2008
Original Entry Date:  Oct 21 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 6.0.2.1050
Description:   A vulnerability was reported in ZipGenius. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted archive that, when processed by the target user with ZipGenius, will trigger an overflow and execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

The processing of ACE archives, ZIP archives, and UUE/XXE/MIM encoded files contains buffer overflow vulnerabilities.

A specially crafted filename of a compressed file in a ZIP archive can trigger an overflow in "zipgenius.exe", "zg.exe", "zgtips.dll", and "contmenu.dll".

A specially crafted original filename of a UUE/XXE/MIM encoded file can trigger an overflow in "zipgenius.exe".

A specially crafted filename in an ACE archive can trigger an overflow in "unacev2.dll".
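The ZIP case above comes down to a length field that the archive controls being used before it is checked. The following is an added example, not ZipGenius code or code from the advisory: a bounds-checked read of the entry name from a ZIP local file header. The function names, the return codes and the 260-byte destination (Windows MAX_PATH) are assumptions, and the sample header is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ZIP_LFH_SIG   0x04034b50u /* "PK\3\4" local file header signature */
#define ZIP_LFH_FIXED 30u         /* fixed part of the header; the name follows */
#define NAME_BUF_SIZE 260u        /* assumed destination size (Windows MAX_PATH) */

enum { NAME_OK = 0, NAME_BAD_HEADER = -1, NAME_TRUNCATED = -2, NAME_TOO_LONG = -3 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Copy the entry name of the local file header at buf into out[out_size].
 * The 16-bit name length (offset 26) comes from the archive and can be up to
 * 65535, so it is checked against the input and the destination before copying. */
int zip_entry_name(const uint8_t *buf, size_t len, char *out, size_t out_size)
{
    if (buf == NULL || out == NULL || out_size == 0) return NAME_BAD_HEADER;
    out[0] = '\0';
    if (len < ZIP_LFH_FIXED || rd32(buf) != ZIP_LFH_SIG) return NAME_BAD_HEADER;
    size_t name_len = rd16(buf + 26);
    if (name_len > len - ZIP_LFH_FIXED) return NAME_TRUNCATED; /* name runs past input */
    if (name_len >= out_size) return NAME_TOO_LONG;            /* no room for name + NUL */
    memcpy(out, buf + ZIP_LFH_FIXED, name_len);
    out[name_len] = '\0';
    return NAME_OK;
}

/* Constructed sample input: a bare local file header whose name is name_len 'A's. */
size_t make_sample_header(uint8_t *buf, size_t cap, uint16_t name_len)
{
    size_t total = ZIP_LFH_FIXED + name_len;
    if (cap < total) return 0;
    memset(buf, 0, ZIP_LFH_FIXED);
    buf[0] = 'P'; buf[1] = 'K'; buf[2] = 3; buf[3] = 4;
    buf[26] = (uint8_t)(name_len & 0xff);
    buf[27] = (uint8_t)(name_len >> 8);
    memset(buf + ZIP_LFH_FIXED, 'A', name_len);
    return total;
}

int main(void)
{
    uint8_t buf[1024];
    char name[NAME_BUF_SIZE];
    size_t n = make_sample_header(buf, sizeof buf, 600);
    printf("600-byte name -> %d\n", zip_entry_name(buf, n, name, sizeof name));
    return 0;
}
```

The same two checks (declared length against remaining input, declared length against destination size) apply to the stored names in UUE/XXE/MIM and ACE inputs.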

The vendor was notified on October 4, 2005.

Tan Chew Keong of Secunia Research discovered this vulnerability.

Impact:   A remote user can create an archive that, when processed by the target user, will execute arbitrary code on the target user's system with the privileges of the target user.
Solution:   The vendor has issued a fixed version (6.0.2.1050), available at:

http://downloads.zipgenius.it/

Vendor URL:  www.zipgenius.it/
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-disclosure] Secunia Research: ZipGenius Multiple Archive

====================================================================== 

                     Secunia Research 21/10/2005

       - ZipGenius Multiple Archive Handling Buffer Overflow -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

====================================================================== 
1) Affected Software 

ZipGenius Version 5.5.1.468 and 6.0.2.1041.

Prior versions may also be affected.

====================================================================== 
2) Severity 

Rating: Moderately Critical
Impact: System access
Where:  Remote

====================================================================== 
3) Description of Vulnerability

Secunia Research has discovered some vulnerabilities in ZipGenius,
which can be exploited by malicious people to compromise a user's
system. 

1) A boundary error exists in "zipgenius.exe", "zg.exe", "zgtips.dll",
and "contmenu.dll" when reading the filename of a compressed file
from a ZIP archive. This can be exploited to cause a stack-based
buffer overflow when a malicious archive containing a file with an
overly long filename is read either in ZipGenius or from Windows
Explorer.

2) A boundary error exists in "zipgenius.exe" when handling the 
original name of a UUE/XXE/MIM encoded file. This can be exploited
to cause a stack-based buffer overflow when a malicious UUE/XXE/MIM 
archive containing an encoded file with an overly long filename is 
opened.

3) A boundary error exists in "unacev2.dll" when extracting an ACE 
archive containing a file with an overly long filename. This can be 
exploited to cause a stack-based buffer overflow when a malicious
ACE archive is extracted using "zipgenius.exe" or "zg.exe".

Vulnerability #3 is related to:
SA14359

====================================================================== 
4) Solution 

Update to version 6.0.2.1050.

====================================================================== 
5) Time Table 

04/10/2005 - Initial vendor notification.
05/10/2005 - Initial vendor reply.
20/10/2005 - Vendor released fixed version.
21/10/2005 - Public disclosure.

====================================================================== 
6) Credits 

Discovered by Tan Chew Keong, Secunia Research.

====================================================================== 
7) References

ZipGenius:
http://forum.zipgenius.it/index.php?showtopic=684

====================================================================== 
8) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website: 

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
9) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2005-54/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================
