CVE-2006-3350
CVSS5.1
发布时间 :2006-07-27 20:04:00
修订时间 :2011-03-07 21:38:24
NMCOPS    

[原文]Stack-based buffer overflow in AutoVue SolidModel Professional Desktop Edition 19.1 Build 5993 allows user-assisted remote attackers to execute arbitrary code via a long filename in a (1) ARJ, (2) RAR, or (3) ZIP archive.


[CNNVD]AutoVue SolidModel Professional文档解压栈溢出漏洞(CNNVD-200607-480)

        AutoVue SolidModel是工程及商业文件查看、标注、打印和转换等功能的软件。
        AutoVue SolidModel在处理畸形ARJ、RAR和ZIP文档时存在栈溢出漏洞,远程攻击者可能利用此漏洞在用户机器上执行任意指令。
        如果用户受骗打开了包含有超长文件名的上述文档的话,就会触发这个漏洞,导致执行任意指令。

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3350
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3350
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200607-480
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/27968
(UNKNOWN)  XF  autovue-filename-bo(27968)
http://www.vupen.com/english/advisories/2006/2979
(UNKNOWN)  VUPEN  ADV-2006-2979
http://www.securityfocus.com/bid/19170
(UNKNOWN)  BID  19170
http://www.securityfocus.com/archive/1/archive/1/441173/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060726 Secunia Research: AutoVue SolidModel Professional Buffer OverflowVulnerability
http://secunia.com/secunia_research/2006-56/advisory/
(VENDOR_ADVISORY)  MISC  http://secunia.com/secunia_research/2006-56/advisory/
http://secunia.com/advisories/20852
(VENDOR_ADVISORY)  SECUNIA  20852
http://www.osvdb.org/27516
(UNKNOWN)  OSVDB  27516

- 漏洞信息

AutoVue SolidModel Professional文档解压栈溢出漏洞
中危 缓冲区溢出
2006-07-27 00:00:00 2006-08-07 00:00:00
远程  
        AutoVue SolidModel是工程及商业文件查看、标注、打印和转换等功能的软件。
        AutoVue SolidModel在处理畸形ARJ、RAR和ZIP文档时存在栈溢出漏洞,远程攻击者可能利用此漏洞在用户机器上执行任意指令。
        如果用户受骗打开了包含有超长文件名的上述文档的话,就会触发这个漏洞,导致执行任意指令。

- 公告与补丁

        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        http://www.cimmetry.com/index.html

- 漏洞信息 (F48633)

secunia-AutoVue.txt (PacketStormID:F48633)
2006-07-28 00:00:00
Tan Chew Keong  secunia.com
advisory,overflow,arbitrary
CVE-2006-3350
[点击下载]

Secunia Research has discovered a vulnerability in AutoVue SolidModel Professional Desktop Edition, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the handling of ARJ, RAR, and ZIP archives. This can be exploited to cause a stack-based buffer overflow when a malicious archive containing a file with an overly long filename is opened. Successful exploitation allows execution of arbitrary code. AutoVue SolidModel Professional Desktop Edition version 19.1 Build 5993 is affected. Other versions may also be affected.

====================================================================== 

                    Secunia Research 26/07/2006

  - AutoVue SolidModel Professional Buffer Overflow Vulnerability -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

====================================================================== 
1) Affected Software 

* AutoVue SolidModel Professional Desktop Edition 
  version 19.1 Build 5993.

Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Moderately Critical
Impact: System Access
Where:  Remote

====================================================================== 
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in AutoVue SolidModel
Professional Desktop Edition, which can be exploited by malicious
people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the 
handling of ARJ, RAR, and ZIP archives. This can be exploited to cause
a stack-based buffer overflow when a malicious archive containing a 
file with an overly long filename is opened.

Successful exploitation allows execution of arbitrary code.

====================================================================== 
4) Solution 

Do not open untrusted archives.

====================================================================== 
5) Time Table 

07/07/2006 - Initial vendor notification.
12/07/2006 - Second vendor notification.
19/07/2006 - Third vendor notification.
26/07/2006 - Public disclosure.

====================================================================== 
6) Credits 

Discovered by Tan Chew Keong, Secunia Research.

====================================================================== 
7) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2006-3350 for the vulnerability.

====================================================================== 
8) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website: 

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
9) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2006-56/advisory/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================



    

- 漏洞信息

27516
AutoVue SolidModel Professional Multiple Archive Filename Handling Overflow
Local Access Required Input Manipulation
Loss of Integrity, Loss of Availability

- 漏洞描述

A local overflow exists in AutoVue SolidModel Professional. The AutoVue SolidModel Professional fails to open specialy crafted ARJ, RAR and ZIP archive files resulting in a stack overflow. With a specially crafted archive, an attacker can potentially cause the execution of arbitrary code resulting in a loss of availability or integrity.

- 时间线

2006-07-26 2006-07-07
Unknow Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

- 漏洞信息

AutoVue SolidModel Professional Archive Multiple Remote Buffer Overflow Vulnerabilities
Boundary Condition Error 19170
Yes No
2006-07-26 12:00:00 2006-07-27 07:27:00
Tan Chew Keong, Secunia Research is credited with the discovery of this issue.

- 受影响的程序版本

Cimmetry Systems AutoVue SolidModel Professional 19.1 Build 5993

- 漏洞讨论

Multiple remotely exploitable client-side buffer-overflow vulnerabilities reportedly affect AutoVue SolidModel Professional. The application fails to properly validate the length of user-supplied strings before copying them into static process buffers.

An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access.

AutoVue SolidModel Professional Desktop Edition DEMO version 19.1 Build 5993 is reportedly vulnerable. Other versions may be affected as well.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.commailto:vuldb@securityfocus.com.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站