PicoZip Zipinfo.DLL Buffer Overflow Vulnerability

Vulnerability Details

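Vulnerability Summary

The info tip shell extension (zipinfo.dll) in PicoZip 4.01 contains a stack-based buffer overflow. Remote attackers can execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive.

Vulnerability Advisory

The vendor has released version 4.0.2 to address this issue; see the References section for details.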

http://www.picozip.com/download_PicoZipSetup.html

References

Source: BID

Name: 18425

Link: http://www.securityfocus.com/bid/18425

Source: BUGTRAQ

Name: 20060614 Secunia Research: PicoZip “zipinfo.dll” Multiple Archives Buffer Overflow

Link: http://www.securityfocus.com/archive/1/archive/1/437103/100/0/threaded

Source: VUPEN

Name: ADV-2006-2330

Link: http://www.frsirt.com/english/advisories/2006/2330

Source: MISC

Link: http://secunia.com/secunia_research/2006-42/advisory/

Source: SECUNIA

Name: 20481

Link: http://secunia.com/advisories/20481

Source: www.picozip.com

Link: http://www.picozip.com/changelog.html

Source: XF

Name: picozip-zipinfo-bo(27096)

Link: http://xforce.iss.net/xforce/xfdb/27096

Source: BUGTRAQ

Name: 20060616 Re: Secunia Research: PicoZip “zipinfo.dll” Multiple Archives Buffer Overflow

Link: http://www.securityfocus.com/archive/1/archive/1/437450/100/100/threaded

Source: OSVDB

Name: 26447

Link: http://www.osvdb.org/26447

Source: SECTRACK

Name: 1016308

Link: http://securitytracker.com/id?1016308

Source: SREASON

Name: 1104

Link: http://securityreason.com/securityalert/1104

Affected Entities
