Info

Disclosure

Dec 07, 2004

Discovery

Dec 06, 2004

Dates

Exploit

Dec 06, 2004

Solution

Unknown

Description

A remote overflow exists in GetRight. The GetRight DUNZIP32.dll fails to properly check skin files resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 5.2b or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Headlight Software, Inc.	GetRight	5.2a
		1.3
		2.2
		3.01
		3.02
		3.1
		3.2
		3.3.3
		3.3.4
		4.0.0
		4.1
		4.2c
		4.3
		4.5
		4.5c
		4.5d
		4.5e
		5.0.1a
		5.0.2

References

Security Tracker: 1012430
Secunia Advisory ID: 13391
ISS X-Force ID: 18381
CVE ID: 2004-0575 (see also: NVD)
Vendor URL: http://www.getright.com/
Other Advisory URL: http://www.getright.com/new52.html

Credit

ATmaCA - atmacaprohack.net -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Headlight Software, Inc.

GetRight

References

Credit