Advisory : CORELAN-10-025
Disclosure date : April 16th, 2010
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-025

00 : Vulnerability information

Product : Archive Searcher 2.1
Version : 2.1 (latest version)
Vendor : supp...@miniwish.com/ miniwish.com
URL : http://www.miniwish.com/
Platform : Windows
Type of vulnerability : Stack overflow
Risk rating : High
Issue fixed in version : not fixed
Vulnerability discovered by : Lincoln
Corelan Team : http://www.corelan.be:8800/index.php/security/corelan-team-members/

01 : Vendor description of software

From the vendor website:
"Archive Searcher© helps you finding out a file inside zip/ace/rar/cab compressed files"

02 : Vulnerability details

When Archive Searcher searches a specially crafted zip file, an exception handler gets overwritten, which allows arbitrary code execution to be triggered. No user intervention is required (except for searching for the file) to gain code execution.

03 : Author/Vendor communication

March 28th 2010 : author contacted
April 7th 2010 : sent reminder
April 15th 2010 : No response, public disclosure

04 : Proof-of-Concept

A PoC is available here:
http://www.corelan.be:8800/wp-content/forum-file-uploads/ekse/public/exploits/archive_searcher.rb_.txt