Killahbee
15-09-05, 15:29
FrSIRT Advisory : FrSIRT/ADV-2005-1736
CVE Reference : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-09-14
* Technical Description *
A vulnerability was identified in AVIRA Desktop for Windows, which may be exploited by remote attackers or malware to execute arbitrary code. This flaw is due to a stack overflow error when handling ACE archives containing compressed files with overly long filename, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted archive.
* Affected Products *
AVIRA Desktop for Windows version 1.00.00.68 (with AVPACK32.DLL version 6.31.0.3)
* Solution *
Upgrade to the latest version (AVPACK32.DLL version 6.31.1.7)
* References *
http://www.frsirt.com/english/advisories/2005/1736
http://www.avira.com/en/news/avira_...nerability.html
http://secunia.com/secunia_research/2005-43/advisory/
* Credits *
Vulnerability reported by Tan Chew Keong
* ChangeLog *
2005-09-14 : Original Advisory
CVE Reference : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-09-14
* Technical Description *
A vulnerability was identified in AVIRA Desktop for Windows, which may be exploited by remote attackers or malware to execute arbitrary code. This flaw is due to a stack overflow error when handling ACE archives containing compressed files with overly long filename, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted archive.
* Affected Products *
AVIRA Desktop for Windows version 1.00.00.68 (with AVPACK32.DLL version 6.31.0.3)
* Solution *
Upgrade to the latest version (AVPACK32.DLL version 6.31.1.7)
* References *
http://www.frsirt.com/english/advisories/2005/1736
http://www.avira.com/en/news/avira_...nerability.html
http://secunia.com/secunia_research/2005-43/advisory/
* Credits *
Vulnerability reported by Tan Chew Keong
* ChangeLog *
2005-09-14 : Original Advisory