Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in ZipGenius, which can be exploited by malicious people to compromise a user's system.
TITLE:
ZipGenius Multiple Archive Handling Buffer Overflow
SECUNIA ADVISORY ID:
SA17061
VERIFY ADVISORY:
https://secunia.com/advisories/17061/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
ZipGenius 5.x
https://secunia.com/product/4603/
ZipGenius 6.x
https://secunia.com/product/5957/
DESCRIPTION:
Secunia Research has discovered some vulnerabilities in ZipGenius,
which can be exploited by malicious people to compromise a user's
system.
1) A boundary error exists in "zipgenius.exe", "zg.exe",
"zgtips.dll", and "contmenu.dll" when reading the filename of a
compressed file from a ZIP archive. This can be exploited to cause a
stack-based buffer overflow when a malicious archive containing a
file with an overly long filename is read either in ZipGenius or from
Windows Explorer.
2) A boundary error exists in "zipgenius.exe" when handling the
original name of a UUE/XXE/MIM encoded file. This can be exploited to
cause a stack-based buffer overflow when a malicious UUE/XXE/MIM
archive containing an encoded file with an overly long filename is
opened.
3) A boundary error exists in "unacev2.dll" when extracting an ACE
archive containing a file with an overly long filename. This can be
exploited to cause a stack-based buffer overflow when a malicious ACE
archive is extracted using "zipgenius.exe" or "zg.exe".
Vulnerability #3 is related to:
SA14359
The vulnerabilities have been confirmed in version 5.5.1.468 and
6.0.2.1041. Prior versions may also be affected.
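Added example, not taken from the advisory or from ZipGenius code: a bounds-checked read of an entry name from a ZIP local file header, the kind of length validation whose absence issue 1 describes. The function names, the 260-byte destination size and the sample header bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ZIP_LFH_SIG   0x04034b50u  /* "PK\3\4" local file header signature */
#define ZIP_LFH_FIXED 30u          /* fixed-size part of the header */
#define NAME_BUF_SIZE 260u         /* assumed destination size (Windows MAX_PATH) */

enum { ZN_OK = 0, ZN_TRUNCATED = -1, ZN_BAD_SIG = -2, ZN_NAME_TOO_LONG = -3 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Copy the entry name of the local file header at buf into out.
 * The 16-bit name length comes from the archive (0..65535), so it is checked
 * against the remaining input and the destination size before any copy. */
int zip_read_entry_name(const uint8_t *buf, size_t len, char *out, size_t out_size)
{
    if (len < ZIP_LFH_FIXED) return ZN_TRUNCATED;
    if (rd32(buf) != ZIP_LFH_SIG) return ZN_BAD_SIG;

    size_t name_len = rd16(buf + 26);                      /* name length field */
    if (name_len > len - ZIP_LFH_FIXED) return ZN_TRUNCATED;        /* past input */
    if (out_size == 0 || name_len >= out_size) return ZN_NAME_TOO_LONG; /* no room for NUL */

    memcpy(out, buf + ZIP_LFH_FIXED, name_len);
    out[name_len] = '\0';
    return ZN_OK;
}

/* Constructed sample input: minimal header whose name is n bytes of 'a'. */
size_t make_sample_header(uint8_t *dst, size_t cap, uint16_t n)
{
    if (cap < ZIP_LFH_FIXED + (size_t)n) return 0;
    memset(dst, 0, ZIP_LFH_FIXED);
    dst[0] = 0x50; dst[1] = 0x4b; dst[2] = 0x03; dst[3] = 0x04;
    dst[26] = (uint8_t)(n & 0xff); dst[27] = (uint8_t)(n >> 8);
    memset(dst + ZIP_LFH_FIXED, 'a', n);
    return ZIP_LFH_FIXED + n;
}

int main(void)
{
    uint8_t hdr[ZIP_LFH_FIXED + 300]; char name[NAME_BUF_SIZE];
    size_t n = make_sample_header(hdr, sizeof hdr, 300);
    printf("300-byte name -> %d\n", zip_read_entry_name(hdr, n, name, sizeof name));
    return 0;
}
```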
SOLUTION:
Update to version 6.0.2.1050.
https://downloads.zipgenius.it/
PROVIDED AND/OR DISCOVERED BY:
Tan Chew Keong, Secunia Research.
ORIGINAL ADVISORY:
ZipGenius:
https://forum.zipgenius.it/index.php?showtopic=684
Secunia Research:
https://secunia.com/secunia_research/2005-54/advisory/
OTHER REFERENCES:
SA14359:
https://secunia.com/advisories/14359/