SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   WinAce Vendors:   winace.com
WinAce Buffer Overflow in ARJ Header Block Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1015672
SecurityTracker URL:  http://securitytracker.com/id/1015672
CVE Reference:   CVE-2006-0813   (Links to External Site)
Date:  Feb 23 2006
Impact:   Execution of arbitrary code via network, User access via network
Vendor Confirmed:  Yes  
Version(s): 2.60
Description:   A vulnerability was reported in WinAce in the processing of ARJ archives. A remote user can execute arbitrary code on the target system.

A remote user can create an ARJ archive with a specially crafted header block that, when opened with WinAce by the target user, will trigger a heap overflow. Arbitrary code can be executed with the privileges of the target user.

The vendor was notified on October 26, 2005.

Tan Chew Keong of Secunia Research discovered this vulnerability.

Impact:   A remote user can create an ARJ archive that, when opened with by the target user, will execute arbitrary code with the privileges of the target user.
Solution:   No solution was available at the time of this entry. The vendor plans to issue a fixed version (2.61).
Vendor URL:  www.winace.com/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-disclosure] Secunia Research: WinACE ARJ Archive Handling

====================================================================== 

                     Secunia Research 23/02/2006

           - WinACE ARJ Archive Handling Buffer Overflow -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

====================================================================== 
1) Affected Software 

* WinACE Version 2.60

Prior versions may also be affected.

====================================================================== 
2) Severity 

Rating: Moderately Critical
Impact: System access
Where:  Remote

====================================================================== 
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in WinACE, which can
be exploited by malicious people to compromise a user's system. 

The vulnerability is caused due to a boundary error when reading an
overly large ARJ header block into a fixed-sized heap buffer. This can
be exploited to cause a heap-based buffer overflow.

Successful exploitation allows execution of arbitrary code when a
malicious ARJ archive is opened.

====================================================================== 
4) Solution 

The vulnerability will be fixed in version 2.61.

====================================================================== 
5) Time Table 

26/10/2005 - Initial vendor notification.
31/10/2005 - Initial vendor reply.
31/10/2005 - Vendor sends fixed version for testing.
15/11/2005 - Vendor reminder.
23/01/2006 - Vendor reminder.
21/02/2006 - Vendor reminder.
23/02/2006 - Public disclosure.

====================================================================== 
6) Credits 

Discovered by Tan Chew Keong, Secunia Research.

====================================================================== 
7) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2006-0813 for the vulnerability.

====================================================================== 
8) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website: 

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
9) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2005-67/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC