Multiple file decompression utilities contain buffer overflow vulnerabilities for which the impacts vary.
Researchers at Rapid7, Inc. have discovered that multiple file decompression utilities are susceptible to buffer overflows as a result of large filenames embedded in crafted ZIP archive files. When affected users attempt to decompress these ZIP files, the buffer overflow may result in execution of arbitrary code.
The impact of this vulnerability may vary depending upon the product and its execution environment. Typically, successful exploitation of a buffer overflow will allow the attacker to execute arbitrary code with the privileges of the user running the application.
Apply a patch
The vendor section of this document lists vendors who have been notified of this issue and their responses.
This vulnerability was reported to the CERT/CC by Rapid7, Inc.
This document was written by Jeffrey P. Lanza.
|Date First Published:||2002-10-02|
|Date Last Updated:||2003-01-06 21:54 UTC|