E-Mail:

PowerArchiver ACE/ARJ Archive Handling Buffer Overflow

Secunia Research has discovered a vulnerability in PowerArchiver, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to a boundary error when reading the filename of a compressed file from an ACE/ARJ archive. This can be exploited to cause a stack-based buffer overflow when a malicious archive containing a file with an overly long filename is opened.

Successful exploitation allows arbitrary code execution.

The vulnerability has been confirmed in the following versions with ACE, or ARJ archives, or both:

  • PowerArchiver 2006 version 9.5 Beta 4/Beta 5

  • PowerArchiver 2004 version 9.25
  • PowerArchiver 2003 version 8.60
  • PowerArchiver 2002 version 8.10

Prior versions may also be affected.

Solution: Update to a fixed version.

PowerArchiver 2004: Update to version 9.26.

The vulnerability has also been fixed in PowerArchiver 2006 Beta 6.

Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: PowerArchiver 2002 8.x, PowerArchiver 2003 8.x, PowerArchiver 2004 9.x

[Continue reading Secunia Advisory: SA16713]

What Do You Think?

 

Want to Start a Blog Here for Free?

Are you an expert in one subject or another? If your goal is to help others and dispense your hard-earned information back to the community, get involved in our community site today! You can write about anything - no matter the topic. Exceptional candidates will be offered the chance to contribute to (and generate revenue from) the main Lockergnome site. Join us today!

Favorite - Nov 21, 2008

Anyvite

Event - Nov 21, 2008

Today In History: Who Shot J.R.?

Diana's Tips - Nov 19, 2008

Add Tags In Word 2007

Gnewbie Gnook - Nov 18, 2008

How Can I Scan To PDF?

71 queries / 0.186 seconds.