Full Disclosure
mailing list archives
CORELAN-10-025 Archive Searcher .zip Stack Overflow
From: Security <security () corelan be>
Date: Fri, 16 Apr 2010 08:20:23 +0200
Advisory : CORELAN-10-025
Disclosure date : April 16th, 2010
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-025
00 : Vulnerability information
Product : Archive Searcher 2.1
Version : 2.1 (latest version)
Vendor : support () miniwish com/ miniwish.com
URL : http://www.miniwish.com/
Platform : Windows
Type of vulnerability : Stack overflow
Risk rating : High
Issue fixed in version : not fixed
Vulnerability discovered by : Lincoln
Corelan Team :
http://www.corelan.be:8800/index.php/security/corelan-team-members/
01 : Vendor description of software
From the vendor website:
"Archive Searcher© helps you finding out a file inside zip/ace/rar/cab compressed files"
02 : Vulnerability details
When a specially crafted zip file is searched for by Archive Searcher, an exception
handler gets overwritten, which allows arbitrary code execution to be triggered.
No user intervention is required (except for searching for the file) to gain
code execution.
03 : Author/Vendor communication
March 28th 2010 : author contacted
April 7th 2010 : sent reminder
April 15th 2010 : No response, public disclosure
04 : Proof of Concept
A PoC is available here :
http://www.corelan.be:8800/wp-content/forum-file-uploads/ekse/public/exploits/archive_searcher.rb_.txt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/