ZipCentral ZIP File Buffer Overflow Vulnerability

Bugtraq ID:	18160
Class:	Boundary Condition Error
CVE:	CVE-2006-2439
Remote:	Yes
Local:	No
Published:	May 30 2006 12:00AM
Updated:	Jul 22 2010 12:46PM
Credit:	Tan Chew Keong of Secunia Research disclosed this vulnerability.
Vulnerable:	ZipCentral ZipCentral 4.01
Not Vulnerable:

ZipCentral ZIP File Buffer Overflow Vulnerability

ZipCentral is susceptible to a buffer-overflow vulnerability. The application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

This issue allows attackers to execute arbitrary machine code in the context of users running the affected application.

Version 4.01 of ZipCentral is vulnerable to this issue; prior versions may also be affected.

ZipCentral ZIP File Buffer Overflow Vulnerability

The following exploits are available:

• /data/vulnerabilities/exploits/18160.c
• /data/vulnerabilities/exploits/18160.py
• /data/vulnerabilities/exploits/18160.pl

ZipCentral ZIP File Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

ZipCentral ZIP File Buffer Overflow Vulnerability

References:

• ZipCentral (ZipCentral)
  
• ZipCentral ZIP File Handling Buffer Overflow Vulnerability (Secunia)
  
• Secunia Research: ZipCentral ZIP File Handling Buffer Overflow Vulnerability (Secunia Research)