Bugtraq: WinZip Unspecified Buffer Overflows May Let Remote or Local Users Execute Arbitrary Code

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

WinZip Unspecified Buffer Overflows May Let Remote or Local Users Execute Arbitrary Code

From: "Jérôme" ATHIAS <jerome.athias () caramail com>
Date: 2 Sep 2004 04:36:10 -0000

Date:  Wed, 1 Sep 2004 07:31:24 -0400
Subject:  http://www.winzip.com/wz90sr1.htm 

WinZip reported discovering some vulnerabilities, including potential buffer 
overflows, during an internal review of the WinZip code.  In addition, a WinZip
user discovered a buffer overflow, where a local user can supply a specially crafted
WinZip command line to trigger the overflow.

A fix (9.0 SR-1) is available at:

http://www.winzip.com/upgrade.htm

------------------------------------------

I don't have more informations.
You can just check 
http://www.securitytracker.com/alerts/2004/Sep/1011132.html

Regards.
JÃ©rÃ´me

By Date By Thread

Current thread:

WinZip Unspecified Buffer Overflows May Let Remote or Local Users Execute Arbitrary Code Jérôme (Sep 02)