yEnc32 Decoder Long Filename Buffer Overflow Vulnerability

2007.05.17

Credit: Tan Chew Keong

Risk: High

Local: Yes

Remote: No

CVE: CVE-2007-2646

CWE: CWE-Other

CVSS Base Score: 6.8/10

Impact Subscore: 6.4/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

[vuln.sg] Vulnerability Research Advisory
yEnc32 Decoder Long Filename Buffer Overflow Vulnerability
by Tan Chew Keong
Release Date: 2007-05-12
Summary
-------
A vulnerability has been found in yEnc32. When exploited, the vulnerability allows execution of arbitrary code when the user decodes a specially crafted yEnc encoded file.
Tested Versions
---------------
yEnc32 version 1.0.7.207
Details
-------
http://vuln.sg/yenc32-107-en.html
http://vuln.sg/yenc32-107-jp.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

yEnc32 Decoder Long Filename Buffer Overflow Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.