Thursday, October 06, 2005

[NT] ALZip Multiple Archive Handling Buffer Overflow

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

ALZip Multiple Archive Handling Buffer Overflow
------------------------------------------------------------------------

SUMMARY

" <http://www.altools.net/Default.aspx?tabid=47> ALZip is the easiest to
use, most powerful, and by far the cutest compression utility available."

A buffer overflow vulnerability in ALZip allows attackers to cause the
program to execute arbitrary code.

DETAILS

Vulnerable Systems:
* ALZip version 6.12 (Korean)
* ALZip version 6.1 (International)
* ALZip version 5.52 (English)

Immune Systems:
* ALZip version 6.13 (International)

The vulnerability is caused due to multiple boundary errors when reading
the filename of a compressed file from ALZ, ARJ, ZIP, UUE or XXE archives.
This can be exploited to cause a stack-based buffer overflow (ALZ), or a
heap-based buffer overflow (ARJ / ZIP / UUE / XXE).

Successful exploitation allows execution of arbitrary code when a
malicious ALZ / ARJ archive is opened, or when a ZIP / UUE / XXE archive
is extracted.

Disclosure Timeline:
19/09/2005 - Initial vendor notification
20/09/2005 - Initial vendor reply
28/09/2005 - Notified by vendor that fixed version has been released
05/10/2005 - Public disclosure

ADDITIONAL INFORMATION

The information has been provided by <mailto:vuln@secunia.com> Secunia
Research.
The original article can be found at:
<http://secunia.com/advisories/16847/>
http://secunia.com/advisories/16847/

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

at

No comments:

Post a Comment