OSVDB ID: 19224

Title: WinACE UNACEV2.DLL ACE Archive Filename Overflow

Info

Dates

Disclosure: Sep 07, 2005
Discovery: Aug 22, 2005
Exploit: Unknown
Solution: Unknown

Description

A remote overflow exists in the WinACE UNACEV2 library. The UNACE library, used in multiple products, fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted ACE archive containing a compressed file with an overly long filename, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored / Private
Disclosure: OSVDB Verified

Solution

Consult your individual vendor for solution information.

Products

ESTSoft / ALZip: 6.11 (Korean), 6.1 beta, 6.03 (English), 5.52, 5.51
Emsi Software GmbH / a-squared Anti-Trojan: 5.5.421
ALTAP, Ltd. / Servant Salamander: 2.0, 2.5 Beta 11
Hanspeter Imp / WinHKI: 1.66, 1.67
Nathan Moinvaziri / ExtractNow: 3.60
Christian Ghisler, C. Ghisler & Co. / Total Commander: 6.53, 6.54, 6.54a
ConeXware, Inc. / PowerArchiver: 9.60
Robert Galle / WhereIsIt: 3.73.501
e-merge GmbH / WinAce: 2.6.0.0
SWE von Schleusen / UltimateZip: 2.7.1, 3.0.3, 3.1b
Filzip / FilZip: 3.04
Ivan Zahariev / IZArc: 3.5 beta 3
Eazel.com / Eazel: 1.0
Rising Antivirus International Pty Ltd / Rising Antivirus 2006: 18.24.10, 18.25.30, 18.25.40, 18.27.21
Network Automation, Inc. / AutoMate: 6.1.0.0
Bitberry Software / BitZipper: 4.1 SR-1

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/36218