TITLE:
ZipGenius Multiple Archive Handling Buffer Overflow

SECUNIA ADVISORY ID:
SA17061

VERIFY ADVISORY:
http://secunia.com/advisories/17061/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
ZipGenius 5.x
http://secunia.com/product/4603/
ZipGenius 6.x
http://secunia.com/product/5957/

DESCRIPTION:
Secunia Research has discovered some vulnerabilities in ZipGenius, which can be exploited by malicious people to compromise a user's system.

1) A boundary error exists in "zipgenius.exe", "zg.exe", "zgtips.dll", and "contmenu.dll" when reading the filename of a compressed file from a ZIP archive. This can be exploited to cause a stack-based buffer overflow when a malicious archive containing a file with an overly long filename is read either in ZipGenius or from Windows Explorer.

2) A boundary error exists in "zipgenius.exe" when handling the original name of a UUE/XXE/MIM encoded file. This can be exploited to cause a stack-based buffer overflow when a malicious UUE/XXE/MIM archive containing an encoded file with an overly long filename is opened.

3) A boundary error exists in "unacev2.dll" when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a malicious ACE archive is extracted using "zipgenius.exe" or "zg.exe".

Vulnerability #3 is related to:
SA14359

The vulnerabilities have been confirmed in version 5.5.1.468 and 6.0.2.1041. Prior versions may also be affected.

SOLUTION:
Update to version 6.0.2.1050.
http://downloads.zipgenius.it/

PROVIDED AND/OR DISCOVERED BY:
Tan Chew Keong, Secunia Research.

ORIGINAL ADVISORY:
ZipGenius:
http://forum.zipgenius.it/index.php?showtopic=684

Secunia Research:
http://secunia.com/secunia_research/2005-54/advisory/

OTHER REFERENCES:
SA14359:
http://secunia.com/advisories/14359/
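
A defensive pre-screening check for item 1, as an added example (not part of the Secunia advisory and not ZipGenius code): it reads the filename-length fields in a ZIP archive's central directory and local file headers and lists entries whose declared name length exceeds a limit, so such archives can be rejected before they reach an unpatched archiver. The 260-byte limit, the function names and the in-memory sample are assumptions; ZIP64 archives are not handled.

```python
import io
import struct
import zipfile

MAX_NAME = 260  # assumed policy limit (Windows MAX_PATH), not a value from the advisory
EOCD = struct.Struct("<4s4H2LH")    # end-of-central-directory record, 22 bytes
CDH = struct.Struct("<4s6H3L5H2L")  # central directory file header, 46 bytes


def long_names(data: bytes, limit: int = MAX_NAME):
    """Return [(name_prefix, central_len, local_len)] for entries whose
    declared filename length exceeds `limit` in either header."""
    pos = data.rfind(b"PK\x05\x06")
    if pos < 0 or pos + EOCD.size > len(data):
        raise ValueError("no end-of-central-directory record")
    _, _, _, _, total, _, cd_off, _ = EOCD.unpack_from(data, pos)
    findings, off = [], cd_off
    for _ in range(total):
        if off + CDH.size > len(data):
            raise ValueError("truncated central directory")
        f = CDH.unpack_from(data, off)
        if f[0] != b"PK\x01\x02":
            raise ValueError("bad central directory signature")
        nlen, elen, clen, lho = f[10], f[11], f[12], f[16]
        name = data[off + CDH.size: off + CDH.size + nlen]
        # The local header has its own length field (offset 26); check it
        # separately, since a crafted archive can make the two disagree.
        local_len = None
        if data[lho:lho + 4] == b"PK\x03\x04" and lho + 30 <= len(data):
            (local_len,) = struct.unpack_from("<H", data, lho + 26)
        if nlen > limit or (local_len or 0) > limit:
            findings.append((name[:32].decode("cp437", "replace"), nlen, local_len))
        off += CDH.size + nlen + elen + clen
    return findings


def build_sample(names):
    """Constructed in-memory archive used only to exercise the check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n in names:
            z.writestr(n, b"x")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(["readme.txt", "A" * 300 + ".txt"])
    for prefix, c_len, l_len in long_names(sample):
        print(f"reject: {prefix}... central={c_len} local={l_len}")
```

Screening of this kind is a stopgap for hosts that cannot yet be updated; the advisory's fix is the update to version 6.0.2.1050.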