ICEOWS ICEGUI.DLL ACE File Processing Buffer Overflow Vulnerability
BID:25844
Info
| Bugtraq ID: | 25844 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-5155 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 28 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | Tan Chew Keong disclosed this vulnerability. |
| Vulnerable: | ICEOWS ICEOWS 4.20b |
| Not Vulnerable: | |
Discussion
ICEOWS is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer while processing filenames in ACE archives.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected application.
ICEOWS 4.20b is vulnerable; prior versions may also be affected.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted web page.
The researcher who discovered this issue has developed exploit code for this vulnerability. This exploit is not publicly available.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue.
References
References:
- ICEOWS Homepage (ICEOWS)
- ICEOWS Vulnerability Research Advisory (Tan Chew Keong)