TrendMicro Vulnerability in VSAPI ARJ parsing could allow Remote Code execution

Discussion in 'Computer Security' started by David H. Lipman, Mar 3, 2005.

  1. Vulnerability Identifier: CAN-2005-0533
    Discovery Date: Feb 23, 2005
    Risk: Critical

    "Description:


    This vulnerability exists in the ARJ archive file format parser.

    The ARJ archive file format is too flexible, especially in the file name field in the local
    header. This file name is stored as a null-terminated string and limited only by the overall
    size of the local header (local header size is stored as a 16-bit value and is limited to
    2,600 bytes only).

    If the file name exceeds the maximum allocated size, the VSAPI scan engine still copies this
    file name into a 512-byte buffer, overwriting the succeeding data structure. One of the
    fields in the said data structure is a pointer to another data structure. The next
    instruction after the copying of the file name is an assignment instruction to a member of
    the structure that is referred to by the overwritten pointer. The said routine causes an
    illegal memory access.

    Thus, it is possible to create a specially-crafted ARJ archive file that overwrites data
    after the allocated 512-byte buffer. This specially-crafted file could possibly execute
    arbitrary code.

    The ISS advisory can be seen here: http://xforce.iss.net/xforce/alerts/id/189 "


    http://www.trendmicro.com/vinfo/sec...ARJ parsing could allow Remote Code execution


    --
    Dave
     
    David H. Lipman, Mar 3, 2005
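
The length check the advisory describes as missing, sketched as an added example that is not part of the original post and is not Trend Micro's code. `copy_arj_name`, `struct scan_entry`, the status codes and the `name_off` parameter are hypothetical; only the 512-byte buffer and the 2,600-byte header limit come from the advisory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARJ_MAX_HEADER 2600 /* local header size limit quoted in the advisory */
#define NAME_BUF_SIZE  512  /* destination buffer size quoted in the advisory */

enum name_status { NAME_OK, NAME_BAD_HEADER, NAME_UNTERMINATED, NAME_TOO_LONG };

/* Hypothetical scanner record: the name buffer is followed by a pointer,
 * mirroring the layout the advisory describes. */
struct scan_entry {
    char  name[NAME_BUF_SIZE];
    void *next;
};

/* Copy the null-terminated file name that starts at name_off inside a local
 * header of hdr_len bytes. The name is rejected, and nothing is written,
 * unless it fits in e->name with its terminator. */
enum name_status copy_arj_name(struct scan_entry *e, const unsigned char *hdr,
                               size_t hdr_len, size_t name_off)
{
    if (e == NULL || hdr == NULL || hdr_len > ARJ_MAX_HEADER || name_off >= hdr_len)
        return NAME_BAD_HEADER;

    /* Look for the terminator only inside the declared header. */
    const unsigned char *start = hdr + name_off;
    const unsigned char *nul = memchr(start, '\0', hdr_len - name_off);
    if (nul == NULL)
        return NAME_UNTERMINATED;

    size_t len = (size_t)(nul - start);
    if (len >= sizeof e->name) /* len + 1 bytes are needed with the terminator */
        return NAME_TOO_LONG;

    memcpy(e->name, start, len + 1);
    return NAME_OK;
}

int main(void)
{
    /* Constructed sample: a maximum-size header whose name runs to the end. */
    unsigned char hdr[ARJ_MAX_HEADER];
    struct scan_entry e = { "", NULL };
    memset(hdr, 'A', sizeof hdr);
    hdr[sizeof hdr - 1] = '\0';
    printf("status=%d\n", copy_arj_name(&e, hdr, sizeof hdr, 30)); /* offset 30 is assumed */
    return 0;
}
```

The over-long name is refused before any byte is copied, so the pointer that follows the buffer is never touched.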