PowerArchiver PAISO.DLL ISO File Handling Buffer Overflow Vulnerability

Bugtraq ID:	21867
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 04 2007 12:00AM
Updated:	Jan 04 2007 12:00AM
Credit:	Discovered by Tan Chew Keong.
Vulnerable:	PowerArchiver PowerArchiver 2006 9.64.2 PowerArchiver PowerArchiver 2006 9.5 Beta 6 PowerArchiver PowerArchiver 2006 9.5 Beta 5 PowerArchiver PowerArchiver 2006 9.5 Beta 4 PowerArchiver PowerArchiver 2004 9.26 PowerArchiver PowerArchiver 2004 9.25 PowerArchiver PowerArchiver 2003 8.60 PowerArchiver PowerArchiver 2002 8.10
Not Vulnerable:	PowerArchiver PowerArchiver 2006 9.64.3

PowerArchiver PAISO.DLL ISO File Handling Buffer Overflow Vulnerability

PowerArchiver is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this vulnerability allows attackers to execute arbitrary machine code in the context of the affected application.

Versions of PowerArchiver 2006 prior to 9.64.03 are vulnerable to this issue.

PowerArchiver PAISO.DLL ISO File Handling Buffer Overflow Vulnerability

The researcher responsible for discovering this issue has developed an exploit for this issue. This exploit is not publicly available.

PowerArchiver PAISO.DLL ISO File Handling Buffer Overflow Vulnerability

Solution:
The vendor has released version 9.64.03 to address this issue.

PowerArchiver PAISO.DLL ISO File Handling Buffer Overflow Vulnerability

References:

• PowerArchiver PAISO.DLL Buffer Overflow Vulnerability (Tan Chew Keong)
  
• PowerArchiver Web Site (PowerArchiver)