A remote overflow exists in ZipGenius. "zipgenius.exe", "zg.exe", "zgtips.dll", and "contmenu.dll" fail to perform proper bounds checking, resulting in a stack-based buffer overflow. With a specially crafted ZIP archive containing a compressed file with an overly long filename, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Upgrade to version 6.0.2.1050 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1015090
• Bugtraq ID: 15161
• Secunia Advisory ID: 17061
• CVE ID: 2005-3317 (see also: NVD)
• Related OSVDB ID: 20158 20159
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0464.html
• Vendor Specific Advisory URL: http://forum.zipgenius.it/index.php?showtopic=684
• Other Advisory URL: http://secunia.com/secunia_research/2005-54/advisory/
• Vendor URL: http://www.zipgenius.it/

• Tan Chew Keong - vulnsecunia.com - Secunia Research