yEnc32 Decoder Overly Long Filename Heap Buffer Overflow Vulnerability
Info
| Bugtraq ID: | 23948 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-2646 |
| Remote: | Yes |
| Local: | No |
| Published: | May 12 2007 12:00AM |
| Updated: | May 07 2015 05:39PM |
| Credit: | Tan Chew Keong is credited with the discovery of this issue. |
| Vulnerable: | yEnc32 yEnc32 1.0.7.207 |
| Not Vulnerable: | yEnc32 yEnc32 1.0.7.208 |
Discussion
yEnc32 Decoder is prone to a heap-based buffer-overflow issue because it fails to properly check boundaries on user-supplied data before copying it into an insufficiently sized memory buffer.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.
yEnc32 Decoder 1.0.7.207 is vulnerable.
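The missing length check described above, shown as a bounds-checked extraction of the `name=` field from a yEnc `=ybegin` header line. This is an added example, not yEnc32's code; the function name `ybegin_name`, its return codes and the sample header line are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy the filename from a "=ybegin ... name=<file>" line
 * into out. Returns 0 on success, -1 if the line has no usable name field,
 * -2 if the name does not fit in out (rejected, never truncated or overrun). */
int ybegin_name(const char *line, char *out, size_t out_size)
{
    static const char prefix[] = "=ybegin ";
    static const char key[] = " name=";
    const char *p, *end;
    size_t len;

    if (line == NULL || out == NULL || out_size == 0)
        return -1;
    out[0] = '\0';
    if (strncmp(line, prefix, sizeof prefix - 1) != 0)
        return -1;
    /* name= is the last keyword on the line; its value runs to end of line
     * and may contain spaces. Start the search at the space after "=ybegin". */
    p = strstr(line + sizeof prefix - 2, key);
    if (p == NULL)
        return -1;
    p += sizeof key - 1;
    end = p + strcspn(p, "\r\n");
    while (end > p && end[-1] == ' ')   /* trim trailing spaces */
        end--;
    len = (size_t)(end - p);
    if (len == 0)
        return -1;
    /* The boundary check: the attacker-controlled length is compared with
     * the destination size before any byte is copied. */
    if (len >= out_size)
        return -2;
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char name[64];
    /* Constructed sample header line, not taken from a real post. */
    int rc = ybegin_name("=ybegin line=128 size=11 name=hello.bin\r\n", name, sizeof name);
    printf("rc=%d name=%s\n", rc, name);
    return 0;
}
```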
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
This issue has been addressed in yEnc 1.0.7.208. Please see the references for more information.
yEnc32 yEnc32 1.0.7.207
-
yEnc32 yenc32-108.exe
http://superb-east.dl.sourceforge.net/sourceforge/yenc32/yenc32-108.exe
References