Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Windows --> Category: infos

Compression Plus Zoo Archive Processing Buffer Overflow Vulnerability Vulnerability Scan


Vulnerability Scan Summary
Checks version of Compression Plus' cp5dll32.dll

Detailed Explanation for this Vulnerability Test

Synopsis :

There is a library file installed on the remote Windows host that is
affected by a buffer overflow vulnerability.

Description :

The version of the Compression Plus toolkit installed on the remote
host contains a DLL that reportedly is prone to a stack-based overflow
when processing specially-crafted ZOO files. Exploitation depends on
how the toolkit is used, especially with third-party products.

See also :

http://www.mnin.org/advisories/2006_cp5_tweed.pdf
http://www.becubed.com/downloads/compfix.txt
https://kb1.tumbleweed.com/article.asp?article=4175&p=2

Solution :

Contact the vendor for a fix or upgrade Cp5dll32.dll to version
5.0.1.28 or later.

Threat Level:

Medium / CVSS Base Score : 5.6
(AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.