ISS X-Force Database: dynazip-dunzip32-bo(17879): Multiple vendor DynaZip DUNZIP32.DLL buffer overflow

Multiple vendor DynaZip DUNZIP32.DLL buffer overflow

dynazip-dunzip32-bo (17879)

High Risk

Description:

InnerMedia DynaZip DUNZIP32.DLL is vulnerable to a buffer overflow. By creating a specially-crafted ZIP file containing a file with an overly long file name, a remote attacker could overflow a buffer and execute arbitrary code on the system, if the attacker could persuade a victim to open the malicious file.

*CVSS:

Base Score:	5.6
Access Vector:	Remote
Access Complexity:	High
Authentication:	Not Required
Confidentiality Impact:	Partial
Integrity Impact:	Partial
Availability Impact:	Partial

Temporal Score:	4.1
Exploitability:	Unproven
Remediation Level:	Official-Fix
Report Confidence:	Confirmed

Consequences:

Gain Access

Remedy:

For RealNetworks RealPlayer:
Install the appropriate update for your system, as listed in RealNetworks, Inc. Releases Update October 26, 2004. See References.

For GetRight:
Upgrade to the latest version of GetRight (5.2b or later) available from the GetRight Web site. See References.

For CheckMark Payroll:
Upgrade to the latest version of CheckMark Payroll (3.9.7 or later), available from the CheckMark Software, Inc. Web site. See References.

For CheckMark MultiLedger:
Upgrade to the latest version of CheckMark MultiLedger (version 7.0.2 or later) available from the CheckMark Software, Inc. Web site. See References.

For dtSearch:
Upgrade to the latest version of dtSearch (7.20 Build 7136 or later), available from the dtSearch Web site. See References.

For McAfee VirusScan:
Upgrade to the latest version of McAfee VirusScan, available from the McAfee SecurityCenter.

For IBM Lotus Notes:
Upgrade to the latest version of Lotus Notes (6.5.5 or later) or (7.0 or later), available from the IBM Lotus Notes Web page. See References.

References:

Bugtraq Mailing List, Thu Mar 30 2006 - 06:59:03 CST: McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability.
BugTraq Mailing List, Wed Oct 27 2004 - 01:43:04 CDT: High Risk Vulnerability in RealPlayer.
CheckMark Software, Inc. Web site: CheckMark Software, Inc. - Payroll for Windows and Macintosh.
CIAC Information Bulletin P-023: RealPlayer Vulnerability.
Full-Disclosure Mailing List, Wed Oct 27 2004 - 15:40:22 CDT: EEYE: RealPlayer Zipped Skin File Buffer Overflow.
Full-Disclosure Mailing List, Wed Sep 06 2006 - 14:42:41 CDT: IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability.
GetRight Web site: GetRight Download Manager: Resume Downloads, Schedule Downloads, Faster Downloads.
Headlight Software, Inc. Web site: Changes in GetRight 5.2x:.
IBM Lotus Notes Web page: IBM Software - IBM Lotus Notes home page.
Networksecurity.fi Security Advisory (10-10-2005): CheckMark Payroll DUNZIP32.dll buffer overflow vulnerability.
Networksecurity.fi Security Advisory (21-12-2005): dtSearch DUNZIP32.dll buffer overflow vulnerability.
Networksecurity.fi Security Advisory (28-10-2005): CheckMark MultiLedger DUNZIP32.dll buffer overflow vulnerability.
RealNetworks, Inc. Releases Update October 26, 2004: RealNetworks, Inc. Releases Update to Address Security Vulnerabilities..
BID-11555: InnerMedia DynaZip Remote Stack Based Buffer Overflow Vulnerability
BID-11836: Headlight Software GetRight DUNZIP32.dll Remote Buffer Overflow Vulnerability
CVE-2004-1094: Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.
OSVDB ID: 19906: InnerMedia DynaZip DUNZIP32.dll Filename Overflow
SA17096: CheckMark Payroll DUNZIP32.dll Buffer Overflow Vulnerability
SA17394: CheckMark MultiLedger DUNZIP32.dll Buffer Overflow Vulnerability
SA18194: dtSearch DUNZIP32.dll Buffer Overflow Vulnerability
SA19451: McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability
SECTRACK ID: 1011944: RealPlayer Skin File Buffer Overflow May Let Remote Users Run Arbitrary Code
SECTRACK ID: 1012297: DynaZip Buffer Overflow in Processing Long Filenames May Let Remote Users Execute Arbitrary Code
SECTRACK ID: 1016817: IBM Lotus Notes Buffer Overflow in `DUNZIP32.dll` Lets Remote Users Execute Arbitrary Code
US-CERT VU#582498: InnerMedia DynaZip library vulnerable to buffer overflow via long file names
VUPEN/ADV-2005-2057: CheckMark Payroll DUNZIP32.dll Buffer Overflow Vulnerability
VUPEN/ADV-2006-1176: McAfee VirusScan DUNZIP32.dll Definition File Buffer Overflow Vulnerability

Platforms Affected:

CheckMark CheckMark MultiLedger 7.0.1
CheckMark CheckMark MultiLedger prior to 7.0.2
CheckMark CheckMark Payroll prior to 3.9.7
dtSearch dtSearch prior to 7.20.7136
Headlight Software GetRight 5.2a and prior
IBM Lotus Notes 6.5.4
McAfee VirusScan
Real RealONE Player 1
Real RealONE Player 2
Real RealPlayer 10.5_build_6.0.12.1053

Reported:

Oct 27, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page

* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall IBM be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

About IBM Internet Security Systems

IBM Internet Security Systems is a trusted security advisor to thousands of the world's leading businesses and governments, helping to provide pre-emptive protection for networks, desktops and servers. The IBM Proventia? integrated security platform is designed to automatically protect against both known and unknown threats, helping to keep networks up and running and shield customers from online attacks before they impact business assets. IBM Internet Security Systems products and services are based on the proactive security intelligence of its X-Force? research and development team ? an unequivocal world authority in vulnerability and threat research. The IBM Internet Security Systems product line is also complemented by comprehensive Managed Security Services and Professional Security Services. For more information, visit the IBM Internet Security Systems Web site at www.iss.net or call 800-776-2362.