Beyond Compare ZIP Archive Stack Buffer Overflow Vulnerability
BID:39907
Info
Beyond Compare ZIP Archive Stack Buffer Overflow Vulnerability
| Bugtraq ID: | 39907 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 04 2010 12:00AM |
| Updated: | May 04 2010 12:00AM |
| Credit: | mr_me |
| Vulnerable: |
Scooter Software Beyond Compare 3.0.13 b9599 Scooter Software Beyond Compare 3 |
| Not Vulnerable: | |
Discussion
Beyond Compare ZIP Archive Stack Buffer Overflow Vulnerability
Beyond Compare is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Beyond Compare 3.0.19 b9599 is vulnerable; other versions may also be affected.
Beyond Compare is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Beyond Compare 3.0.19 b9599 is vulnerable; other versions may also be affected.
Exploit / POC
Beyond Compare ZIP Archive Stack Buffer Overflow Vulnerability
The following exploit code is available:
The following exploit code is available:
Solution / Fix
Beyond Compare ZIP Archive Stack Buffer Overflow Vulnerability
Solution:
Updates are available. Please see the references for details.
Solution:
Updates are available. Please see the references for details.
References
Beyond Compare ZIP Archive Stack Buffer Overflow Vulnerability
References:
References:
- Beyond Compare Homepage (Scooter Software)
- CORELAN-10-036 �?? Beyond Compare (.zip) bof (mr_me)