TITLE:
Compression Plus ZOO Archive Processing Buffer Overflow

SECUNIA ADVISORY ID:
SA21714

VERIFY ADVISORY:
http://secunia.com/advisories/21714/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Compression Plus 5.x
http://secunia.com/product/11801/

DESCRIPTION:
A vulnerability has been reported in Compression Plus, which can be
exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused by a boundary error in CP5DLL32.DLL
during the processing of ZOO archives. This can be exploited to cause
a stack-based buffer overflow via a malicious ZOO archive with an
overly large size field in the header.

Successful exploitation allows execution of arbitrary code.

SOLUTION:
Apply patch.
http://www.becubed.com/downloads/compsetup.exe

PROVIDED AND/OR DISCOVERED BY:
Michael Ligh, Greg Sinclair, and Amanda Wright.

ORIGINAL ADVISORY:
Mnin.org:
http://www.mnin.org/advisories/2006_cp5_tweed.pdf