Number 257 - October 2004

WinZip Unspecified Multiple Buffer Overflow Vulnerabilities

by Kevyn Eckstrom, Anteon Corporation, [Eckstrom.Kevyn@imfb.navy.mil], September 2004. Submitted by Ray Mills, r.mills@rm-a.com
The following is considered highly critical, impacting system access by remote sites/users.

Software Affected: WinZip 9.x, WinZip 8.x, WinZip 7.x, WinZip 6.x, WinZip 3.x

Description of Problem

Multiple vulnerabilities have been reported in WinZip, which can potentially be exploited to compromise a user's system, viz.:

1. Some unspecified vulnerabilities which can be exploited to cause buffer overflows. Successful exploitation can potentially lead to execution of arbitrary code.
2. A problem caused by insufficient validation of command-line arguments. This can be easily exploited by using a specially crafted argument to cause a buffer overflow and potentially execute arbitrary code.

Solution

Update to WinZip 9.0 SR-1 at <www.winzip.com/upgrade.htm>.