PeaZip '.Zip' Remote Arbitrary Command Execution Vulnerability
BID:39906
Info
| Bugtraq ID: | 39906 |
| Class: | Input Validation Error |
| CVE: | CVE-2009-2261 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 05 2009 12:00AM |
| Updated: | Oct 26 2010 09:48PM |
| Credit: | Nine:Situations:Group |
| Vulnerable: | PeaZip PeaZip 2.6.1 |
| Not Vulnerable: | PeaZip PeaZip 2.6.2 |
Discussion
PeaZip is prone to an arbitrary command-execution vulnerability because the application fails to properly sanitize attacker-controlled content of a '.zip' archive before acting on it.
An attacker can exploit this vulnerability to execute arbitrary shell commands with the privileges of the user who opens the malicious archive in PeaZip. This may help attackers compromise the underlying system; other attacks are also possible.
PeaZip 2.6.1 is vulnerable; prior versions may also be affected.
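As an added example (not code from the original advisory or from the PeaZip project), the following Python script illustrates the vulnerability class described above: an archive entry name that is spliced into a shell command string, shown beside two hardened forms and a defensive check over the archive's entry names. The injection vector, the constructed entry name `report.txt; echo INJECTED`, and the use of `echo` as a stand-in for the archiver backend are assumptions for illustration; the advisory does not state the exact vector.

```python
import io
import shlex
import subprocess
import zipfile

# Constructed sample input (assumption for illustration, not taken from the
# advisory): one archive entry whose name carries shell metacharacters.
MALICIOUS_NAME = "report.txt; echo INJECTED"

# Characters that let a filename break out of a /bin/sh command string.
# Spaces are deliberately not included: they are common in legitimate names.
SHELL_META = set(';|&$`<>()\\"\'\n')


def build_sample_zip() -> bytes:
    """Return an in-memory .zip containing a single entry named MALICIOUS_NAME."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(MALICIOUS_NAME, b"harmless content")
    return buf.getvalue()


def entry_names(zip_bytes: bytes) -> list[str]:
    """List entry names exactly as stored in the archive's central directory."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return zf.namelist()


def suspicious_entries(zip_bytes: bytes) -> list[str]:
    """Defensive check: entry names that contain shell metacharacters."""
    return [n for n in entry_names(zip_bytes) if any(c in SHELL_META for c in n)]


def unsafe_invoke(tool: str, entry: str) -> str:
    """Vulnerable pattern: the untrusted entry name is spliced into a command
    string handed to /bin/sh. `tool` stands in for the archiver backend; the
    demo passes `echo` so nothing harmful runs. Returns what the shell printed."""
    cmd = f"{tool} extracting {entry}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def safe_invoke(tool: str, entry: str) -> str:
    """Hardened pattern: argument vector with shell=False. Metacharacters in
    `entry` reach the tool as the literal bytes of a single argument."""
    return subprocess.run([tool, "extracting", entry],
                          capture_output=True, text=True).stdout


def quoted_invoke(tool: str, entry: str) -> str:
    """Fallback when a shell command string cannot be avoided: quote each
    untrusted token so the shell treats it as one literal word."""
    cmd = f"{tool} extracting {shlex.quote(entry)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    sample = build_sample_zip()
    print("entries:   ", entry_names(sample))
    print("suspicious:", suspicious_entries(sample))
    for name in entry_names(sample):
        print("unsafe ->", repr(unsafe_invoke("echo", name)))
        print("safe   ->", repr(safe_invoke("echo", name)))
        print("quoted ->", repr(quoted_invoke("echo", name)))
```

Run stand-alone, the unsafe form prints `INJECTED` on its own line, showing that the shell executed a second command taken from the entry name, while both hardened forms print the entry name verbatim as one argument. The metacharacter check is a triage aid for archives from untrusted sources, not a substitute for avoiding the shell in the first place.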
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting victim to use the affected application to open a malicious file.
The following exploit is available:
Solution / Fix
Solution:
Updates are available; PeaZip 2.6.2 is not affected. Please see the references for details.
References
References:
- PeaZip - Changelog (SourceForge)
- PeaZip Homepage (PeaZip)