FilZip Buffer Overflow in 'unacev2.dll' in Processing ACE Archives Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1016088 |
|
SecurityTracker URL: http://securitytracker.com/id/1016088
|
|
CVE Reference:
CVE-2005-2856
(Links to External Site)
|
Date: May 15 2006
|
Impact:
Execution of arbitrary code via network, User access via network
|
|
Version(s): 3.04
|
Description:
A vulnerability was reported in FilZip. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create an ACE archive containing a file with a specially crafted filename. When the archive is expanded, a buffer overflow will occur in 'unacev2.dll' and arbitrary code will be executed on the target user's system. The code will run with the privileges of the target user.
The vendor was notified on April 26, 2006 and several additional times without response.
Secunia Research discovered this vulnerability.
|
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.filzip.com/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 15 May 2006 08:37:48 -0400
Subject: FilZip unacev2.dll Buffer Overflow Vulnerability
|
http://secunia.com/secunia_research/2006-30/advisory/
CVE-2005-2856
|
|
