Multiple vendor DynaZip DUNZIP32.DLL buffer overflow

dynazip-dunzip32-bo (17879)

High Risk

Description:

InnerMedia DynaZip DUNZIP32.DLL is vulnerable to a buffer overflow. By creating a specially-crafted ZIP file containing a file with an overly long file name, a remote attacker could overflow a buffer and execute arbitrary code on the system, if the attacker could persuade a victim to open the malicious file.

Platforms Affected:

• CheckMark, CheckMark MultiLedger 7.0.1
• CheckMark, CheckMark MultiLedger prior to 7.0.2
• CheckMark, CheckMark Payroll prior to 3.9.7
• dtSearch, dtSearch prior to 7.20.7136
• Headlight Software, GetRight 5.2a and prior
• IBM, Lotus Notes 6.5.4
• McAfee, VirusScan
• Real, RealONE Player 1
• Real, RealONE Player 2
• Real, RealPlayer 10.5_build_6.0.12.1053

Remedy:

For RealNetworks RealPlayer:
Install the appropriate update for your system, as listed in RealNetworks, Inc. Releases Update October 26, 2004. See References.

For GetRight:
Upgrade to the latest version of GetRight (5.2b or later) available from the GetRight Web site. See References.

For CheckMark Payroll:
Upgrade to the latest version of CheckMark Payroll (3.9.7 or later), available from the CheckMark Software, Inc. Web site. See References.

For CheckMark MultiLedger:
Upgrade to the latest version of CheckMark MultiLedger (version 7.0.2 or later) available from the CheckMark Software, Inc. Web site. See References.

For dtSearch:
Upgrade to the latest version of dtSearch (7.20 Build 7136 or later), available from the dtSearch Web site. See References.

For McAfee VirusScan:
Upgrade to the latest version of McAfee VirusScan, available from the McAfee SecurityCenter.

For IBM Lotus Notes:
Upgrade to the latest version of Lotus Notes (6.5.5 or later) or (7.0 or later), available from the IBM Lotus Notes Web page. See References.

Consequences:

Gain Access

References:

• Bugtraq Mailing List, Thu Mar 30 2006 - 06:59:03 CST, McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability at http://archives.neohapsis.com/archives/bugtraq/2006-03/0571.html.
• BugTraq Mailing List, Wed Oct 27 2004 - 01:43:04 CDT, High Risk Vulnerability in RealPlayer at http://archives.neohapsis.com/archives/bugtraq/2004-10/0302.html.
• CheckMark Software, Inc. Web site, CheckMark Software, Inc. - Payroll for Windows and Macintosh at http://www.checkmark.com/.
• CIAC Information Bulletin P-023, RealPlayer Vulnerability at http://www.ciac.org/ciac/bulletins/p-023.shtml.
• Full-Disclosure Mailing List, Wed Oct 27 2004 - 15:40:22 CDT, EEYE: RealPlayer Zipped Skin File Buffer Overflow at http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html.
• Full-Disclosure Mailing List, Wed Sep 06 2006 - 14:42:41 CDT, IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability at http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0069.html.
• GetRight Web site, GetRight Download Manager: Resume Downloads, Schedule Downloads, Faster Downloads at http://www.getright.com/get.html.
• Headlight Software, Inc. Web site, Changes in GetRight 5.2x: at http://www.getright.com/new52.html.
• IBM Lotus Notes Web page, IBM Software - IBM Lotus Notes home page at http://www-142.ibm.com/software/sw-lotus/products/product4.nsf/wdocs/noteshomepage.
• Networksecurity.fi Security Advisory (10-10-2005), CheckMark Payroll DUNZIP32.dll buffer overflow vulnerability at http://www.networksecurity.fi/advisories/payroll.html.
• Networksecurity.fi Security Advisory (21-12-2005), dtSearch DUNZIP32.dll buffer overflow vulnerability at http://www.networksecurity.fi/advisories/dtsearch.html.
• Networksecurity.fi Security Advisory (28-10-2005), CheckMark MultiLedger DUNZIP32.dll buffer overflow vulnerability at http://www.networksecurity.fi/advisories/multiledger.html.
• RealNetworks, Inc. Releases Update October 26, 2004, RealNetworks, Inc. Releases Update to Address Security Vulnerabilities. at http://www.service.real.com/help/faq/security/041026_player/EN/.
• BID-11555: InnerMedia DynaZip Remote Stack Based Buffer Overflow Vulnerability
• BID-11836: Headlight Software GetRight DUNZIP32.dll Remote Buffer Overflow Vulnerability
• CVE-2004-1094: Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.
• OSVDB ID: 19906: InnerMedia DynaZip DUNZIP32.dll Filename Overflow
• SA17096: CheckMark Payroll DUNZIP32.dll Buffer Overflow Vulnerability
• SA17394: CheckMark MultiLedger DUNZIP32.dll Buffer Overflow Vulnerability
• SA18194: dtSearch DUNZIP32.dll Buffer Overflow Vulnerability
• SA19451: McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability
• SECTRACK ID: 1011944: RealPlayer Skin File Buffer Overflow May Let Remote Users Run Arbitrary Code
• SECTRACK ID: 1012297: DynaZip Buffer Overflow in Processing Long Filenames May Let Remote Users Execute Arbitrary Code
• SECTRACK ID: 1016817: IBM Lotus Notes Buffer Overflow in `DUNZIP32.dll` Lets Remote Users Execute Arbitrary Code
• US-CERT VU#582498: InnerMedia DynaZip library vulnerable to buffer overflow via long file names
• VUPEN/ADV-2005-2057: CheckMark Payroll DUNZIP32.dll Buffer Overflow Vulnerability
• VUPEN/ADV-2006-1176: McAfee VirusScan DUNZIP32.dll Definition File Buffer Overflow Vulnerability

Reported:

Oct 27, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page