BID:39876

Urgent Backup and ABC Backup ZIP File Remote Buffer Overflow Vulnerability

Info

Urgent Backup and ABC Backup ZIP File Remote Buffer Overflow Vulnerability

Bugtraq ID:	39876
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 30 2010 12:00AM
Updated:	Apr 30 2010 12:00AM
Credit:	Lincoln
Vulnerable:	InternetSoft Urgent Backup 3.20 ABC Backup Software ABC Backup Pro 5.20 ABC Backup Software ABC Backup 5.50

Not Vulnerable:

Discussion

Urgent Backup and ABC Backup ZIP File Remote Buffer Overflow Vulnerability

Urgent Backup and ABC Backup are prone to a remote buffer-overflow vulnerability because the applications fail to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

The following versions are vulnerable; other versions may be affected:

ABC Backup 5.50
ABC Backup Pro 5.20
Urgent Backup 3.20

Exploit / POC

Urgent Backup and ABC Backup ZIP File Remote Buffer Overflow Vulnerability

The following exploit is available:

/data/vulnerabilities/exploits/39876.rb

Solution / Fix

Urgent Backup and ABC Backup ZIP File Remote Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Urgent Backup and ABC Backup ZIP File Remote Buffer Overflow Vulnerability

References:

Urgent Backup - Homepage (InternetSoft)
ABC Backup - Homepage (ABC Backup Software)