OSVDB ID: 27492

Title: PowerArchiver DZIPS32.DLL Zip File Addition Overflow

Info

Dates

Disclosure: Jul 25, 2006
Discovery: Jul 08, 2006
Exploit: Unknown
Solution: Unknown

Description

A local overflow exists in PowerArchiver. Adding a file with a long filename to a ZIP archive fails and results in a stack overflow. With a specially crafted archive containing a long filename, an attacker can execute arbitrary code, resulting in a loss of integrity and/or availability.

Classification

Location: Local Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown

Solution

Upgrade to version 9.63 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Vendor: ConeXware, Inc.
Product: PowerArchiver
Version: 9.62.03

References

Credit

  • Tan Chew Keong - vulnsecunia.com - Secunia Research


Direct URL: http://osvdb.org/27492