Ken Ward's Zipper 'filename' Stack-Based Buffer Overflow Vulnerability

Bugtraq ID:	38885
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 22 2010 12:00AM
Updated:	Mar 22 2010 12:00AM
Credit:	Peter Van Eeckhoutte a.k.a. corelanc0d3r
Vulnerable:	Ken Ward Ken Ward's Zipper 4.60.19
Not Vulnerable:

Ken Ward's Zipper 'filename' Stack-Based Buffer Overflow Vulnerability

Ken Ward's Zipper is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Ken Ward's Zipper 4.60.019 is vulnerable; other versions may also be affected.

Ken Ward's Zipper 'filename' Stack-Based Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].

Ken Ward's Zipper 'filename' Stack-Based Buffer Overflow Vulnerability

References:

• CORELAN-10-016 �?? Ken Ward Zipper .zip Stack BOF (SEH) (Peter Van Eeckhoutte)
  
• Ken Ward Zipper Stack BOF 0day �?? a not so typical SEH exploit (corelanc0d3r)
  
• Ken Ward's Zipper Homepage (Ken Ward)