Corelan Team

Advisory        : CORELAN-10-026

Disclosure date : April 19th, 2010

CVE : CVE-2010-1458

http://www.corelan.be:8800/adv…..LAN-10-026

00 : Vulnerability information

 Product : TweakFS Zip Utility

 Version : 1.0 (latest version)

 Vendor : TweakFS

 URL : http://www.tweakfs.com/

 Platform : Windows

 Type of vulnerability : Stack buffer overflow

 Risk rating : High

 Issue fixed in version : not fixed

 Vulnerability discovered by : TecR0c

 Corelan Team :

 http://www.corelan.be:8800/index.php/security/corelan-team-members/

01 : Vendor description of software

"Create and Extract Zips TweakFS Zip Utility for FSX was designed to be a useful tool for unpacking Zip files downloaded from FS file libraries without the need for an existing 3rd-party Zip application, but the big handy feature is that it has a tree display of the Zip folder structure giving you a clear view of how the files will unpack and into which location."

02 : Vulnerability details

A flaw in how the application handles a overly long zip filename which an attacker can

utilize in a manner other than the designer intended. This allows the attacker to run arbitrary-code execution on

the victims machine when a specially crafted zip file has been open within the application.

03 : Author/Vendor communication

 April 7, 2010 : author contacted

 April 16, 2010  : sent reminder

 April 19th, 2010 : No response, public disclosure

04: Proof of Concept

PoC Exploit