TweakFS Zip Utility ZIP File Remote Stack Overflow Vulnerability
BID:39565
Info
| Bugtraq ID: | 39565 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2010-1458 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 19 2010 12:00AM |
| Updated: | Jun 22 2010 05:18PM |
| Credit: | TecR0c |
| Vulnerable: | TweakFS TweakFS Zip Utility 1.0 |
| Not Vulnerable: | |
Discussion
TweakFS Zip Utility is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
TweakFS Zip Utility 1.0 is vulnerable; other versions may be affected.
Exploit / POC
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following proof of concept is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- [Full-disclosure] [CORELAN-10-026] TweakFS Zip Stack BOF (Neohapsis)
- TweakFS - Homepage (TweakFS)