
ZipItFree '.zip' File Buffer Overflow Vulnerability

http://www.securityfocus.com/bid/48629

Security Info

Bugtraq ID: 48629
Class: Boundary Condition Error
CVE:
Remote: Yes
Local: No
Published: Jul 08 2011 12:00AM
Updated: Jul 13 2012 11:50AM
Credit: C4SS!0 G0M3S
Vulnerable: MicroSmarts ZipItFree 3.0
Not Vulnerable:

Security Discussion

ZipItFree is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

ZipItFree 3.0 is vulnerable; other versions may also be affected.

Proof of Concept and Security Exploits

The following exploit code is available:

Security Solution(s)

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Security Reference(s)

References:

Site Updated May 22, 2013
©2000-2013 Emagined Security
All Rights Reserved
