WinZip Unspecified Buffer Overflows May Let Remote or Local Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1011132
|
|
SecurityTracker URL: http://securitytracker.com/id?1011132
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Sep 1 2004
|
Impact: Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 9.0 and prior versions
|
Description: Some vulnerabilities were reported in WinZip. A remote or local user may be able to execute arbitrary code.
The vendor reported that they discovered some vulnerabilities, including potential buffer overflows, during an internal review of
the WinZip code.
In addition, a WinZip user discovered a buffer overflow, where a local user can supply a specially crafted WinZip
command line to trigger the overflow.
No further details were provided.
|
Impact: A remote or local user may be able to cause arbitrary code to be executed.
|
Solution: A fix (9.0 SR-1) is available at:
http://www.winzip.com/upgrade.htm
|
Vendor URL: www.winzip.com/wz90sr1.htm (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 1 Sep 2004 07:31:24 -0400
Subject: http://www.winzip.com/wz90sr1.htm
|
WinZip reported discovering some vulnerabilities, including potential buffer
overflows, during an internal review of the WinZip code. In addition, a WinZip
user discovered a buffer overflow, where a local user can supply a specially crafted
WinZip command line to trigger the overflow.
A fix (9.0 SR-1) is available at:
http://www.winzip.com/upgrade.htm
|
|
