Family: Windows --> Category: infos
DynaZip Zip Archive Handling Buffer Overflow Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary : Checks version of DynaZip's dzip32.dll / dzips32.dll
Detailed Explanation for this Vulnerability Test
Synopsis :
There is a library file installed on the remote Windows host that is
affected by several buffer overflow vulnerabilities.
Description :
The version of DynaZip Max or DynaZip Max Secure installed on the
remote host contains a DLL that is reportedly prone to stack-based
buffer overflows when repairing or updating a specially crafted ZIP file.
Successful exploitation allows an attacker to execute arbitrary code
on the affected host with the privileges of the user.
Note that DynaZip libraries are included in some third-party
applications to provide support for handling ZIP files.
See also :
http://vuln.sg/dynazip5007-en.html
http://www.securityfocus.com/archive/1/441083/30/0/threaded
Solution :
Either upgrade to DynaZip Max 5.0.0.8 / DynaZip Max Secure 6.0.0.5 or
later or contact the appropriate vendor for a fix.
Threat Level:
High / CVSS Base Score : 8
(AV:R/AC:H/Au:NR/C:C/A:C/I:C/B:N)