Archive Searcher ZIP File Remote Stack Buffer Overflow Vulnerability

Bugtraq ID:	39527
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 16 2010 12:00AM
Updated:	Apr 16 2010 12:00AM
Credit:	Lincoln
Vulnerable:	Miniwish Software Archive Searcher 2.1
Not Vulnerable:

Archive Searcher ZIP File Remote Stack Buffer Overflow Vulnerability

Archive Searcher is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

Archive Searcher 2.1 is vulnerable; other versions may be affected.

Archive Searcher ZIP File Remote Stack Buffer Overflow Vulnerability

The following proof of concept is available:

• /data/vulnerabilities/exploits/39527.rb

Archive Searcher ZIP File Remote Stack Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Archive Searcher ZIP File Remote Stack Buffer Overflow Vulnerability

References:

• Archive Searcher - Homepage (Miniwish Software)
  
• CORELAN-10-025 Archive Searcher .zip Stack Overflow (CORELAN)
  
• CORELAN-10-025 Archive Searcher .zip Stack Overflow (Full Disclosure)