SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   SpeedCommander Vendors:   SpeedProject
SpeedCommander Buffer Overflows in Processing ACE Archives May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1016003
SecurityTracker URL:  http://securitytracker.com/id/1016003
CVE Reference:   CVE-2006-2085   (Links to External Site)
Updated:  Aug 15 2009
Original Entry Date:  Apr 27 2006
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.52 Build 4450, 11.01 Build 4450
Description:   A vulnerability was reported in SpeedCommander. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted ACE archive that, when processed by the target user, will trigger a buffer overflow and execute arbitrary code. The code will run with the privileges of the target user.

A long filename within an ACE archive can trigger the overflow in "CxAce60.dll" and "CxAce60u.dll".

The vendor was notified on March 31, 2006.

Tan Chew Keong of Secunia Research discovered this vulnerability.

Impact:   A remote user can create a file that, when processed by the target user, will execute arbitrary code on the target user's system with the privileges of the target user.
Solution:   The vendor has issued a fixed version (10.53 Build 4590 or later 10.x versions, or 11.10 Build 4590 or later 11.x versions), available at:

http://www.speedproject.de/enu/download.html

Vendor URL:  www.speedproject.de/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Secunia Research: SpeedProject Products ACE Archive Handling Buffer

====================================================================== 

                    Secunia Research 26/04/2006

   - SpeedProject Products ACE Archive Handling Buffer Overflow -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

====================================================================== 
1) Affected Software 

* Squeez 5.10 Build 4460
* SpeedCommander 10.52 Build 4450
* SpeedCommander 11.01 Build 4450

Prior versions may also be affected.

====================================================================== 
2) Severity 

Rating: Moderately Critical
Impact: System Access 
Where:  Remote

====================================================================== 
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in various SpeedProject
products, which can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to boundary errors in "CxAce60.dll"
and "CxAce60u.dll" within the handling of an ACE archive that contains
a file with an overly long filename. This can be exploited to cause a
stack-based buffer overflow and allows arbitrary code execution when a
specially crafted archive is extracted.

====================================================================== 
4) Solution 

Update to the fixed versions.
http://www.speedproject.de/enu/download.html

Squeez 5:
Update to Squeez 5.20 Build 4600.

SpeedCommander 10:
Update to version 10.53 Build 4590 or later.

SpeedCommander 11:
Update to version 11.10 Build 4590 or later.

====================================================================== 
5) Time Table 

31/03/2006 - Initial vendor notification.
01/04/2006 - Initial vendor reply.
26/04/2006 - Public disclosure.

====================================================================== 
6) Credits 

Discovered by Tan Chew Keong, Secunia Research.

====================================================================== 
7) References

No other references.

====================================================================== 
8) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website: 

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
9) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2006-23/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC