Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16, (2) PentaZip 126.96.36.199 and PentaSuite-PRO 188.8.131.52, and possibly other products, allows user-assisted attackers to execute arbitrary code via an ARJ archive with a long header. NOTE: the ACE archive vector is covered by CVE-2005-2856.
Microchip Data Systems ZipTV for Delphi 7 2006.1.26
Microchip Data Systems ZipTV for C++ Builder 2006.1.16
The TZipTV component of ZipTV is prone to a buffer-overflow vulnerability when handling malformed ARJ archives. Successful exploitation may allow an attacker to crash the application or execute arbitrary code.
ZipTV for Delphi 7 version 2006.1.26 and ZipTV for C++ Builder version 2006-1.16 are known to be vulnerable; other versions may also be affected.
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: firstname.lastname@example.org
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: firstname.lastname@example.org