N/A

Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and 6.0.2.1041, and other versions before 6.0.2.1050, allow remote attackers to execute arbitrary code via (1) a ZIP archive that contains a file with a long filename, which is not properly handled by (a) zipgenius.exe, (b) zg.exe, (c) zgtips.dll, and (d) contmenu.dll; (2) a long original name in a (a) UUE, (b) XXE, or (c) MIM file, which is not properly handled by zipgenius.exe; or (3) an ACE archive with a file with a long filename, which is not properly handled by unacev2.dll.

N/A

N/A

ZipGenius多个文档格式文件名溢出漏洞

ZipGenius是一款免费易用的文档压缩解压工具。 ZipGenius在解析各种文档格式时存在多个溢出漏洞： 1) zipgenius.exe、zg.exe、zgtips.dll和contmenu.dll在从ZIP文档读取压缩文件的文件名时存在边界错误，在ZipGenius中或从Windows资源管理器中读取包含有超长文件名的恶意文档时就会导致栈溢出。 2) zipgenius.exe在处理UUE/XXE/MIM编码文件的原始名称时存在边界错误，在打开包含有超长文件名编码文件的恶意UUE/XXE/MIM

N/A

N/A