WinZip 'Winzip32.exe' Buffer Overflow Vulnerability

Vulnerability ID: 1111993
Vulnerability type: Buffer overflow
Published: 2007-01-12
Updated: 2007-06-26
CVE ID: CVE-2007-0264
CNNVD-ID: CNNVD-200701-246
Platform: Windows
CVSS score: 6.6
|Vulnerability Source
https://www.exploit-db.com/exploits/29447
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-246
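|Vulnerability Details
A buffer overflow vulnerability exists in Winzip32.exe in WinZip 9.0. A local user can use an overly long command-line argument to cause a denial of service (application crash) and possibly execute arbitrary code.
|Vulnerability EXP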
source: http://www.securityfocus.com/bid/22020/info

WinZip is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to cause denial-of-service conditions and possibly to execute arbitrary code within the context of the affected application, but this has not been confirmed.

This issue affects versions prior to 9.0 SR1. 

Winzip32.exe "A" x 5002
|References

Source: BID
Name: 22020
Link: http://www.securityfocus.com/bid/22020
Source: OSVDB
Name: 39800
Link: http://osvdb.org/39800