|
Family: Windows --> Category: infos
Compression Plus Zoo Archive Processing Buffer Overflow Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks version of Compression Plus' cp5dll32.dll
Detailed Explanation for this Vulnerability Test
Synopsis :
There is a library file installed on the remote Windows host that is
affected by a buffer overflow vulnerability.
Description :
The version of the Compression Plus toolkit installed on the remote
host contains a DLL that reportedly is prone to a stack-based overflow
when processing specially-crafted ZOO files. Exploitation depends on
how the toolkit is used, especially with third-party products.
See also :
http://www.mnin.org/advisories/2006_cp5_tweed.pdf
http://www.becubed.com/downloads/compfix.txt
https://kb1.tumbleweed.com/article.asp?article=4175&p=2
Solution :
Contact the vendor for a fix or upgrade Cp5dll32.dll to version
5.0.1.28 or later.
Threat Level:
Medium / CVSS Base Score : 5.6
(AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|