WinZip Command Line Remote Buffer Overflow Vulnerability

Bugtraq ID:	22020
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 12 2007 12:00AM
Updated:	Jan 25 2007 04:31PM
Credit:	Umesh Wanve is credited with the discovery of this vulnerability.
Vulnerable:	WinZip WinZip 9.0
Not Vulnerable:	WinZip WinZip 9.0 SR-1

WinZip Command Line Remote Buffer Overflow Vulnerability

WinZip is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to cause denial-of-service conditions and possibly to execute arbitrary code within the context of the affected application, but this has not been confirmed.

This issue affects versions prior to 9.0 SR1.

WinZip Command Line Remote Buffer Overflow Vulnerability

The following proof of concept is sufficient to demonstrate a local denial of service:

Winzip32.exe "A" x 5002

WinZip Command Line Remote Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any solutions for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

The vendor reports that this issue was addressed in version 9.0 SR1. Symantec has not confirmed this.

WinZip Command Line Remote Buffer Overflow Vulnerability

References:

• WinZip Homepage (WinZip)