OUSPG
[This page is CSS2 enabled. Your browser might not fully support it]
PROTOS Genome Test Suite c10-archive
Archive formats are used to serialise a set of files and directories
into a single byte stream, usually applying a form of compression in
the process. The archive files can then be stored or transmitted on
various media conveniently and economically, and later extracted. The
use of archiving formats is ubiquitous in transmitting files over email
and in distribution of software, among other areas.
The present set of archive formats were chosen as the subject
protocols for vulnerability assessment through structure inference
directed fuzzing and test suite creation.
A list of frequently observed archiving formats was drawn up. Test
material was prepared and tests were carried out against a sample set
of existing anti-virus programs. Results were gathered.
Most of the implementations available for evaluation failed to perform
in a robust manner under test. Some failures had information
security implications, and should be considered as vulnerabilities.
In order to achieve a robustness baseline for archival products, this
test material should be adopted for their evaluation and development.
Anti-virus and other security products employing archive formats should
be considered the most important subjects in this respect.
This test suite is a byproduct of the PROTOS Genome project, hereby referred as
GENOME. The test suite contains a set of fuzzed archive files in
different formats, some of which may cause and some are known to cause
problems for example in common decompression and anti-virus tools.
This test suite covers a limited set of information security and
robustness related implementation errors for subsets of the chosen
protocols. The subject protocols, along with their scrutinised
subsets, are illustrated in the "Analysis"
section below.
The purpose of this test suite is to evaluate implementation level
security and robustness of programs handling archive files of
different formats. Archive formats were considered a viable topic for
a test suite due to the following factors:
- The complexity involved in parsing different file formats has
historically been found to beget vulnerability. Archive formats were
thought to be similar in this respect.
- The use of archive formats encompasses computing. In other words -
there are various different implementations and a myriad of
installations. As a result, the impact of an archive vulnerability can
be significant.
- The methods developed in the GENOME project facilitate test suite
creation so that multiple formats can be covered with relative
ease. Thus the scope of the test suite can be extensive.
- Many archive formats have a long history, which has given their
implementations plenty of time to mature and harden with respect to
implementation level errors. Evaluating such mature products should
provide us useful feedback on the current state of implementation
level robustness in general.
- Processing archive formats may have a long family
tree where versions of archiving code have been forked or copied
into different projects, which might not have incorporated
the fixes for bugs to shared code found in other branches of the family tree.
The field of archive formats was analysed with the methods of OUSPG's
MATINE project. The focus of this analysis was on the different
formats and their specifications, their different technical and
organisational uses and prior security issues affecting them. The
analysis methods lay weight on issues regarding the history of code
and specifications (inheritance, re-use), historical data on the usage
and prevalence of different implementations and expert opinion.
The analysis highlighted anti-virus software as representative, or
topical, subject for this test suite. Motivation for producing test
material targeted at ensuring robustness of anti-virus tools include:
- Anti-virus tools by definition process input from potentially
malicious sources.
- Anti-virus tools parse a wide variety of different data
formats. Due to their nature, they have to process each file in a
system, including archived content.
- Anti-virus tools run at high privileges, increasing the impact of
potential compromise.
- Anti-virus tools are commonly installed organisation-wide on all
able computers, including (or especially) on computers in critical and
high-profile roles.
- Usage of Anti-virus tools is commonly mandated by organisational
policy, contract and other administrative and/or legal requirements.
US HIPAA legislation [1] is commonly interpreted to mandate use of anti-virus software.
It was noted that anti-virus tools parse many different kinds of data,
and this test material, being limited to archive formats only, can
only serve as a decent first aid for related vulnerability
assessment. A proper security evaluation of anti-virus software would
involve scrutinising a much greater set of file formats.
In this test-suite, the focus was set on the certain archive formats,
namely ACE, ARJ, BZ2, CAB, GZ, LHA, RAR, TAR, ZIP and ZOO. This set
encompasses the most commonly used archive formats.
The specifications for the archive file formats are in some cases
available. However, since there are many versions and variants of many
of the formats, and there are in many cases no formal easily
processable specifications of the contents, basing testing on this
knowledge would require too much human time. On the other hand,
purely random changes can be applied to sample files, or purely random
data can be used, to blindly test the behaviour of programs. This
approach generally requires too much computer time. The GENOME
approach does not require manual modeling of the tested protocol/file
format, unlike the PROTOS Classic[2] approach
of test suite development.
Most of the files in the test suite have been built using an
intelligently automated combination of the approaches stated above. A
set of valid files is first collected. A program is then used
to analyse the structure of these files, yielding a rough model of the
underlying file format. This model is then used to generate similar
files, which often have modifications that would be extremely unlikely
to appear, were one to use purely random methods. Because most of the
testing and processing involved in building a test set is automatic,
we were able to test a fairly large set of file formats.
The test suite can be used as robustness testing material for programs
that process corresponding file formats. Usually programs should
simply report that the files are invalid and resume operation in a
controlled manner. For example program termination, altered behaviour
and infinite loops indicate unintentional and in many cases
exploitable errors.
Freely available and evaluation versions of some common UNIX-based
anti-virus products were selected as test subjects, and the common
archive formats processed by the tools were selected for testing.
No sample list of implementations is presented herein. A large number
of vendors include anti-virus or archive products in their product
portfolios. A list of vendors with anti-virus products or archive
products may include at least
Alwil,
Apple Computer,
Avira,
Cisco Systems,
Comodo,
Computer Associates,
F-Secure,
FRISK Software,
Grisoft,
Hewlett-Packard,
IBM,
McAfee,
MicroWorld,
Microsoft,
Norman,
Norton,
Novatix,
Panda Software,
Pkware,
Proland Software,
RARLAB,
Red Hat,
Softwin,
Sophos,
Sun Microsoystems,
Symantec,
Trend Micro,
Winzip,
and many others.
The following image gives a faint approximation on the extent to which
different archive formats can be used in computer systems. It
represents a scenario in which two network peers, commonly a client
and a server, communicate over a communication network. Potential
archive format implementations involved are highlighted.
Legend:
- Network payload compression, implemented in hardware or
software. Although compression per se was not targeted in this test
suite, some compression might have been encapsulated in archive
formats in this context. Note that software payload compression
includes the compression used in many cryptographic message formats
and the gzip content encoding in the prevalent MIME protocol.
- Network content filtering (spam, phishing and other undesired
content) and virus scanning may need to handle archived content.
- Network caches, proxies and load balancing devices may parse
archived payloads.
- Network firewalls (especially stateful/application level
firewalls), intrusion detection/prevention systems may need to handle
archived content.
- Client-side (or personal) firewalls, intrusion
detection/prevention systems, content filtering, anti-virus,
anti-malware, anti-spyware and anti-rootkit software may need to
handle archived content.
- Different kind of client and server software handles archived
content for various purposes. This includes the handling of archived
configuration or customisation files (e.g. skins) and media files as
some formats include data compression. Note that many programs include
add-on plugins or modules that also may employ archive formats.
- APIs of operating systems and various
libraries enable or involve the handling of archived content. Many
environments also include indexing services that study filesystem
content at regular intervals, and GUI functions designed for the
handling of archives. Many programming languages handle archives
containing library files and software packages. Many software packet
installation management systems handle archived content.
- Connected embedded devices, most notably backup drives, may
involve hardware or software archival functions.
- Connected palmtop and mobile appliances, which are often embedded
devices, may require archival for communications or other
functions. Note that the client and server systems depicted in this
image may also be such devices.
Prior public vulnerabilities related to archive
formats have been evident in most of the implementation categories
listed above.
The injection vector survey, or delivery vector survey, analyses the
different methods of delivering the test-cases to the implementations
under test (IUT). Often, there are several methods of injection and
one test-suite cannot cover them all, or might miss some vectors not
available in all implementations.
Most anti-virus software focus on inspecting files that reside in a
file system. As this test suite is focused on testing anti-virus
software, it uses file system as the method of injection. Because all
of the tested anti-virus tools and decompression tools could be run
from command line, the injection could be handled by simple shell
scripts. These scripts fed the test cases to the test subject one by
one while monitoring their execution. The used injection scripts are
not bundled with the test suite as they are very case-specific and
easily reproducible for most subjects.
With instrumentation on the target platform we are able to monitor for
undesired behaviour of the subject implementation. Typically this
manifests as exceptions or signals such as 'access violation' or
'segmentation fault'. For most of the testing we used isolated Linux
installations of the x86/IA32 architecture. In addition, sporadic
testing was carried out with Mac OS X and Windows operating
systems.
Strace and a kernel patch to report all fatal signals were used to
monitor the operation of programs when the fuzzed files were
processed. The value of eip register at the time of the fatal signal
was used to rule some terminations as probably manifestations of the
same error. The used instrumentation is not bundled with the test
material as it is freely available via other sources for various
platforms.
Computer programs usually process input. Often some of the input comes
from a file. By using specially crafted files, it is often possible to
expose un-handled and potentially exploitable errors in programs.
The test suite consists of modified archive files of corresponding
file formats. Some of the files were generated using fairly simple
content fuzzing techniques, and some were generated using a
model-assisted approach. In both cases the files were generated using
a set of sample files.
For each file format, set of valid files were first collected. The
contents of the files are for the most part text documents and files
of other common document formats. Freely available archival tools with
different parameters were then used to create them. The collected
files were processed with structure inference tools developed in
GENOME to yield simple models of the content. The models were then
used to generate similar data.
Fuzzed testing material was generated by applying probabilistic
changes to the generated data. The fuzzing thus mostly involved
selecting a good set of initial training material, and then finding
reasonable parameters to produce suitably fuzzed data. The generated
files are usually tested with a program as they are generated, and
files causing interesting errors are collected.
This test suite contains both files that are known to cause problems
in at least one program, and files that may or may not cause problems
in some programs. In many cases files in this test suite expose severe
un-handled errors, many of which have direct security implications and
should be considered as vulnerabilities.
The structure inference and fuzzer tools used in the production of the
test suite were provided by the GENOME project. The described
automatic model assisted approach is new to our knowledge, and it has
been very effective in producing various test input.
The tests are divided into separate test-material packages for each
file formats. Each test-material package consists of a certain amount
of test-cases, as specified in the table below.
Number of test cases by archive format
Archive format |
# cases |
ace |
91518 |
arj |
255343 |
bz2 |
321818 |
cab |
130823 |
gz |
227311 |
lha |
176631 |
rar |
198865 |
tar |
40549 |
zip |
189833 |
zoo |
163595 |
total |
1632691 |
The package is distributed as a cd-rom image containing:
- the GPL licence
- very brief usage instructions
- 10 pieces <format>.tar.bz2 packages
The license allows free use and redistribution of the test material
package. If you modify the material, please consider renaming the
package.
In most Linux systems the iso image file can be used directly without
burning it to a cd-rom, by issuing the following command:
$ mount -o loop testsuites.iso /cdrom
The cd-rom contains the test suites bundled by file format in
tar.bz2 archives.
The archives can be decompressed with any decompression software
supporting BZIP2 archives and having no limit for the number of files
in one archive. In UNIX systems this can be done by issuing the following
commands:
$ bunzip2 < suite.tar.bz2 | tar -xvf -
One suitable tool for Windows environment
is ICEOWS, available at no
cost. Note that each x.tar.bz2 package is first decompressed to a
x.tar file, which is then similarly decompressed into a directory x
containing the files. Note that OUSPG neither endorses any
decompressor in particular, nor guarantee that they will not have
issues with the test suite.
The decompression will take anything from a few minutes to several
hours, depending on the computer. After decompression, the complete
test suite contains 5.22GB of data, which on a typical Windows system
occupies a bit over 10GB of physical space. Note that when using
Windows, the test suite directories can be removed faster from the
command line.
Testing with the test suite is carried out by feeding the files in the
test suite to the desired subjects. Often this process can be
automated to some degree, for example by scripts or batch
processing. While testing, the test subject should be monitored for
any unorderly behaviour, such as crashes, hangs or the overt
consumption of system resources. This document does not cover the
details of instrumentation, and we leave it up to users of the test
material to come up with techniques to monitor whether test subjects
handle the test cases in a satisfactory manner.
We recommend some additional guidelines for testing, although these
are not imposed by the test material licence. These guidelines can be
found from the Test suite releases in Theory and Practice
document.
Use of latest release (highest number) is recommended. Older
releases are provided for completeness and reproduction.
Only README.TXT has been changed since pr1 and pr2.
Test-runs were conducted against the chosen set of sample
implementations. The test material consisted of the fit test cases
selected during the production of the test suite.
In this test suite, the 'failed' status is granted if
any of the following criteria are met and a single test case can be
identified to be responsible of it:
- A process or a child process crashes with fatal signal
If no single test case can be identified but similar effects are
observed, the status is 'inconclusive'.
Otherwise, the status is 'passed'.
Each failed test case represents at minimum a denial of service type
chance of exploiting the found vulnerability. In most cases, they
represent memory corruption, stack corruption or other fatal error
conditions. Some of these may lead to exposure to typical exploits,
allowing running of arbitrary code or modification of the target
system (eg. buffer overflows).
A limited subset of the test material was used in test runs against
some anti-virus products. Tables below represent the observations from
feeding the test-material against the chosen subject software. Product
names of the actual subjects are omitted to protect the innocent.
These tables illustrate how different archive formats were handled in
the test runs. A test group is marked failed if any single case or
combination of cases cause the subject to fail. The results therefore
represent a lower bound on implementation problems uncovered in tested
software using the test material.
Result summary by archive format
Subject |
ace |
arj |
bz2 |
cab |
gz |
lha |
rar |
tar |
zip |
zoo |
1 |
x |
x |
x |
x |
- |
x |
- |
- |
x |
x |
2 |
- |
x |
n/a |
x |
- |
x |
x |
- |
- |
n/a |
3 |
- |
x |
x |
x |
- |
x |
x |
- |
- |
- |
4 |
- |
x |
- |
- |
- |
x |
x |
- |
x |
- |
5 |
n/a |
n/a |
n/a |
- |
- |
n/a |
n/a |
- |
- |
n/a |
Legend:
- x: Verdict is failed
- -: Verdict is passed
- ?: Verdict is inconclusive
- n/a: Software doesn't support the format
Following table shows total number of failing cases found per format.
Failing cases by archive format
Subject |
ace |
arj |
bz2 |
cab |
gz |
lha |
rar |
tar |
zip |
zoo |
1 |
283 |
8 |
7 |
2 |
- |
44 |
- |
- |
94 |
31 |
2 |
- |
11 |
- |
3552 |
- |
10406 |
39 |
- |
- |
- |
3 |
- |
40 |
8 |
1 |
- |
5 |
38 |
- |
- |
- |
4 |
- |
11 |
- |
- |
- |
6 |
1603 |
- |
2 |
- |
5 |
- |
- |
- |
- |
- |
- |
- |
- |
- |
- |
Following table shows number of unique bugs found per format. Value of EIP at the moment of crash was used to determine whether bug is unique or not.
Unique bugs by archive format
Subject |
ace |
arj |
bz2 |
cab |
gz |
lha |
rar |
tar |
zip |
zoo |
1 |
3 |
2 |
1 |
1 |
- |
3 |
- |
- |
3 |
1 |
2 |
- |
5 |
- |
12 |
- |
2 |
1 |
- |
- |
- |
3 |
- |
5 |
2 |
1 |
- |
3 |
2 |
- |
- |
- |
4 |
- |
1 |
- |
- |
- |
1 |
1 |
- |
1 |
- |
5 |
- |
- |
- |
- |
- |
- |
- |
- |
- |
- |
Parser implementations are intricate pieces of code that are prone to
implementation level faults, and archive file format parsers are no
exception in this manner. Almost all of the tested tools seemed to be
easy to crash using our relatively simple automated techniques. Some
of the observed failures had information security implications, and
should be considered as vulnerabilities. This is alarming considering
the tested products were advertised as security products.
We are grateful to NISCC and CERT-FI for their help and advice during
the vulnerability process.
At the outset of of this test suite, past implementation security
issues regarding archive formats were investigated. This work included
tracking archive format implementations, products, vulnerabilities,
among other data. This data was gathered with the methods developed in
project MATINE and visualised with Graphingwiki
[3]. An example graph of CVE entries related to the RAR
archive format is included below.
Note that the above graph is in no way related to vulnerabilities possibly
uncovered using this test material, it's just an automatically generated
graph from CVE data.
Prior vulnerabilities, as reported in the CVE database, regarding the
archive formats in this test suite, include but are not limited to the
following:
-
"Buffer overflow in Norton Antivirus for Exchange"
[4]
-
"DoS in MAILsweeper for SMTP"
[5]
-
"BSCW groupware system read or modify arbitrary files"
[6]
-
"GNU Tar Hostile Destination Path Vulnerability"
[7]
-
"Multiple vendor file archivers file extraction directory traversal"
[8]
-
"Multiple vendor file archivers file extraction directory traversal"
[9]
-
"Multiple vendor file archivers file extraction directory traversal"
[10]
-
"zlib "double free" memory corruption"
[11]
-
"Windows zipped file decompression buffer overflow"
[12]
-
"Multiple vendor file archivers file extraction directory traversal"
[13]
-
"AMaViS securetar TAR file denial of service"
[14]
-
"Microsoft Windows Incorrect Target Path for Zipped File Decompression."
[15]
-
"Internet Explorer Malformed PNG Image File Failure"
[16]
-
"Multiple vendor file archivers file extraction directory traversal"
[17]
-
"zlib gzprintf buffer overflow"
[18]
-
"RealPlayer PNG improper decompression buffer overflow"
[19]
-
"GameSpy Arcade GSAPAK.EXE file upload"
[20]
-
"Clearswift MAILsweeper RAR policy bypass"
[21]
-
"Clearswift MAILsweeper ZIP policy bypass"
[22]
-
"MAILsweeper for SMTP zip archive could allow an attacker to bypass virus
protection"
[23]
-
"LHA multiple buffer overflows"
[24]
-
"Multiple directory traversal vulnerabilities in LHA"
[25]
-
"Integer overflow in DUNZIP32.DLL for Microsoft Windows"
[26]
-
"gzip gzexe script creates insecure temporary files"
[27]
-
"LHA metacharacter command execution"
[28]
-
"LHA extract_one buffer overflows"
[29]
-
"DGen ROM decompression symlink attack"
[30]
-
"LHA long pathname buffer overflow"
[31]
-
"zlib inflate and inflateback denial of service"
[32]
-
"Multiple vendor antivirus .zip bypass protection"
[33]
-
"unarj file name buffer overflow"
[34]
-
"Info-ZIP zip archive with long names buffer overflow"
[35]
-
"unarj file extraction directory traversal"
[36]
-
"RealPlayer zipped RJS file buffer overflow"
[37]
-
"Multiple vendor antivirus .zip bypass protection"
[38]
-
"WinRAR zip file buffer overflow"
[39]
-
"Solaris gzip modify privileges of hard linked files"
[40]
-
"WinRAR Repair Archive unknown vulnerability"
[41]
-
"Clam AntiVirus RAR archive denial of service"
[42]
-
"F-Secure Anti-Virus password protected archive bypass antivirus protection"
[43]
-
"eTrust Antivirus could allow attacker to bypass file scan"
[44]
-
"MAILsweeper for SMTP RAR denial of service"
[45]
-
"AntiGen for Domino zip file can cause denial of service"
[46]
-
"F-Secure Anti-Virus LHA archive buffer overflow"
[47]
-
"F-Secure Anti-Virus ZIP archive bypass scanning"
[48]
-
"cabarc "dot dot" directory traversal"
[49]
-
"Clam AntiVirus ZIP file denial of service"
[50]
-
"UnAce 'Ready for next volume' messages buffer overflow"
[51]
-
"UnAce "dot dot" directory traversal"
[52]
-
"WinHKI ZIP directory traversal"
[53]
-
"DivX Player directory traversal"
[54]
-
"ZipGenius path disclosure"
[55]
-
"Winrar dot dot dot directory traversal"
[56]
-
"Antivirus ARJ archive buffer overflow"
[57]
-
"Antivirus ARJ archive buffer overflow"
[58]
-
"McAfee AntiVirus Library stack buffer overflow"
[59]
-
"McAfee AntiVirus Library stack buffer overflow"
[60]
-
"HTTP Anti Virus Proxy cab and zip files bypass filtering"
[61]
-
"FileZilla Server zlib compression denial of service"
[62]
-
"RHSA-2005:357 updates for gzip not installed"
[63]
-
"gzip -N command directory traversal"
[64]
-
"Multiple Symantec AntiVirus products RAR file detection bypass"
[65]
-
"Sophos Anti-Virus BZIP2 denial of service"
[66]
-
"MailScanner .zip security bypass"
[67]
-
"zlib DoS (inftrees.h)"
[68]
-
"Multiple vendor file archivers file extraction directory traversal"
[69]
-
"Clam AntiVirus ENSURE_BITS function denial of service"
[70]
-
"zlib code table denial of service"
[71]
-
"BlackBerry Enterprise Server Attachment Service PNG buffer overflow"
[72]
-
"UnAce "dot dot" directory traversal"
[73]
-
"avast! Antivirus ACE archives buffer overflow"
[74]
-
"Linux Kernel huft_build zlib denial of service"
[75]
-
"Linux Kernel huft_build zlib denial of service"
[76]
-
"Tar setuid restores owner file permissions"
[77]
-
"IBM Lotus Notes htmsr.dll HTML speed reader URL link buffer overflow"
[78]
-
"IBM Lotus Notes kvarcve.dll compressed file preview directory traversal"
[79]
-
"RealPlayer zipped RJS file buffer overflow"
[80]
-
"HAURI compressed archives directory traversal"
[81]
-
"HAURI compressed archives directory traversal"
[82]
-
"HAURI vrAZace.dll library buffer overflow"
[83]
-
"ZipTV ARJ header buffer overflow"
[84]
-
"NOD32 ARJ archive buffer overflow"
[85]
-
"Avira Desktop for Windows ACE filename buffer overflow"
[86]
-
"AhnLab V3 Antivirus v3flt2k.sys scan driver allows attacker elevated privileges"
[87]
-
"7-Zip ARJ file buffer overflow"
[88]
-
"PowerArchiver ACE/ARJ filename buffer overflow"
[89]
-
"Kaspersky Antivirus cab heap overflow"
[90]
-
"ALZip filename buffer overflow"
[91]
-
"Virus detection bypass in Kaspersky Antivirus"
[92]
-
"Virus detection bypass in BitDefender Antivirus"
[93]
-
"Virus detection bypass in F-Prot Antivirus"
[94]
-
"Virus detection bypass in Avast Antivirus"
[95]
-
"Virus detection bypass in McAfee Antivirus"
[96]
-
"Virus detection bypass in Sophos Antivirus"
[97]
-
"Virus detection bypass in Symantec Antivirus"
[98]
-
"Virus detection bypass in Dr.Web Antivirus"
[99]
-
"Virus detection bypass in Avira Antivirus"
[100]
-
"Virus detection bypass in Norman Virus Control Antivirus"
[101]
-
"Virus detection bypass in Fortinet Antivirus"
[102]
-
"Virus detection bypass in VBA32 Antivirus"
[103]
-
"Virus detection bypass in Rising Antivirus"
[104]
-
"Virus detection bypass in AntiVir Antivirus"
[105]
-
"Virus detection bypass in (1) eTrust-Iris and (2) eTrust-Vet Antivirus"
[106]
-
"Virus detection bypass in ArcaVir Antivirus"
[107]
-
"Virus detection bypass in UNA Antivirus"
[108]
-
"Virus detection bypass in Ikarus AntiVirus"
[109]
-
"Virus detection bypass in ClamAV Antivirus"
[110]
-
"Virus detection bypass in Panda Antivirus"
[111]
-
"Virus detection bypass in CAT Quick Heal"
[112]
-
"Virus detection bypass in TheHacker"
[113]
-
"Virus detection bypass in Trustix Antivirus"
[114]
-
"Virus detection bypass in Grisoft AVG Antivirus"
[115]
-
"Virus detection bypass in Proland Protector Plus 2000 Antivirus"
[116]
-
"WinRAR unacev2.dll ACE archive buffer overflow"
[117]
-
"ZipGenius filename buffer overflow"
[118]
-
"F-Prot Antivirus ZIP files can bypass protection"
[119]
-
"Clam Antivirus tnef_attachment function denial of service"
[120]
-
"Clam Antivirus cabd_find function denial of service"
[121]
-
"SpeedProject multiple products lstrcat() ZIP file buffer overflow"
[122]
-
"Panda Antivirus library ZOO file buffer overflow"
[123]
-
"Symantec AntiVirus Library RAR parsing multiple buffer overflows"
[124]
-
"TUGZip ARJ archive buffer overflow"
[125]
-
"Sophos Anti-Virus ARJ file scanning detection bypass"
[126]
-
"GNU Tar PAX extended headers buffer overflow"
[127]
-
"F-Secure Anti-Virus ZIP file buffer overflow"
[128]
-
"F-Secure Anti-Virus RAR and ZIP file scan detection bypass"
[129]
-
"WinAce ARJ header buffer overflow"
[130]
-
"zoo misc.c fullpath() buffer overflow"
[131]
-
"SpeedProject .ZIP and .JAR archives directory traversal"
[132]
-
"Stuffit and ZipMagic archive directory traversal"
[133]
-
"PEAR::Archive_Zip dot dot directory traversal"
[134]
-
"WinAce .RAR and .TAR directory traversal"
[135]
-
"Sophos Anti-Virus CAB file parsing buffer overflow"
[136]
-
"zoo parse.c parse() buffer overflow"
[137]
-
"WinHKI archive extraction directory traversal"
[138]
-
"TUGZip archive directory traversal"
[139]
-
"IZArc extract error directory traversal"
[140]
-
"SpeedProject multiple products ACE buffer overflow"
[141]
-
"Abakt ZIP buffer overflow"
[142]
-
"VeriSign I-Nav VUpdater.Install ActiveX control code execution"
[143]
-
"ZipCentral ZIP archive filename buffer overflow"
[144]
-
"ZipTV ARJ header buffer overflow"
[145]
-
"BitZipper extract directory traversal"
[146]
-
"PicoZip zipinfo.dll buffer overflow"
[147]
-
"Filzip archive directory traversal"
[148]
-
"QuickZip extract directory traversal"
[149]
-
"AutoVue SolidModel Professional archive filename buffer overflow"
[150]
-
"Apple Mac OS X BOMArchiveHelper BOMFileClose() .zip archive buffer overflow"
[151]
-
"MIMEsweeper for Web RAR archive Web Policy Engine denial of service"
[152]
-
"WinRAR LHA archive buffer overflow"
[153]
-
"Microsoft Internet Explorer HTTP 1.1 compression long URL buffer overflow
variant"
[154]
-
"MailGate Email Firewall LHA extended-header filename buffer overflow"
[155]
-
"PowerArchiver add buffer overflow"
[156]
-
"Lhaplus LZH archive extended header buffer overflow"
[157]
-
"Lhaz long LZH filename buffer overflow"
[158]
-
"gzip huft_build() code execution"
[159]
-
"gzip LZH array code execution"
[160]
-
"gzip unpack.c buffer underflow"
[161]
-
"gzip LZH array code execution"
[162]
-
"gzip LZH array code execution"
[163]
-
"PowerZip filename buffer overflow"
[164]
-
"Dr. Web LHA archive buffer overflow"
[165]
-
"Compression Plus ZOO buffer overflow"
[166]
-
"avast! LHA archive buffer overflow"
[167]
During the prerelease phase all verified vulnerabilities were reported
to the respective vendors through this test material. The
vulnerability reports were tracked by CERT-FI and NISCC in the role of
independent coordinators and advisors. An attempt was made to seek a
channel to distribute the test material to vendors whose products we
were not able to obtain for testing.
Vendor statements or security advisories issued in order to address
the vulnerabilities uncovered by this test suite are
collected. Advisories that we are aware of are listed here-in:
-
- [1]
-
"Health Insurance Portability and Accountability Act".
http://en.wikipedia.org/wiki/HIPAA.
-
- [2]
-
Kaksonen, Rauli.
A Functional Method for Assessing Protocol Implementation Security.
(2001).
VTT Publication series.
http://www.vtt.fi/inf/pdf/.
ISBN: 951-38-5873-1.
Licenciate thesis.
-
- [3]
-
Eronen, Juhani.
A collaborative method for assessing the dependencies of critical information infrastructures.
http://www.ee.oulu.fi/research/ouspg/protos/sota/matine/method-thesis/.
-
- [4]
-
Unspecified.
(2000).
"Buffer overflow in Norton Antivirus for Exchange".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0477.
-
- [5]
-
Unspecified.
(2001).
"DoS in MAILsweeper for SMTP".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0932.
-
- [6]
-
Unspecified.
(2002).
"BSCW groupware system read or modify arbitrary files".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0973.
-
- [7]
-
3APA3A.
(2001).
"GNU Tar Hostile Destination Path Vulnerability".
Securityfocus.
http://www.securityfocus.com/bid/3024.
-
- [8]
-
Unspecified.
(2001).
"Multiple vendor file archivers file extraction directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/10224.
-
- [9]
-
Unspecified.
(2001).
"Multiple vendor file archivers file extraction directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/10224.
-
- [10]
-
Unspecified.
(2001).
"Multiple vendor file archivers file extraction directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/10224.
-
- [11]
-
Unspecified.
(2002).
"zlib "double free" memory corruption".
ISS.
http://xforce.iss.net/xforce/xfdb/8427.
-
- [12]
-
Unspecified.
(2002).
"Windows zipped file decompression buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/10251.
-
- [13]
-
Unspecified.
(2001).
"Multiple vendor file archivers file extraction directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/10224.
-
- [14]
-
Unspecified.
(2002).
"AMaViS securetar TAR file denial of service".
ISS.
http://xforce.iss.net/xforce/xfdb/10056.
-
- [15]
-
Unspecified.
(2004).
"Microsoft Windows Incorrect Target Path for Zipped File Decompression".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1139.
-
- [16]
-
Unspecified.
(2004).
"Internet Explorer Malformed PNG Image File Failure".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1185.
-
- [17]
-
Unspecified.
(2001).
"Multiple vendor file archivers file extraction directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/10224.
-
- [18]
-
Unspecified.
(2003).
"zlib gzprintf buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/11381.
-
- [19]
-
Unspecified.
(2003).
"RealPlayer PNG improper decompression buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/11643.
-
- [20]
-
Unspecified.
(2003).
"GameSpy Arcade GSAPAK.EXE file upload".
ISS.
http://xforce.iss.net/xforce/xfdb/12775.
-
- [21]
-
Unspecified.
(2003).
"Clearswift MAILsweeper RAR policy bypass".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0928.
-
- [22]
-
Unspecified.
(2003).
"Clearswift MAILsweeper ZIP policy bypass".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0929.
-
- [23]
-
Unspecified.
(2003).
"MAILsweeper for SMTP zip archive could allow an attacker to bypass virus protection".
ISS.
http://xforce.iss.net/xforce/xfdb/13611.
-
- [24]
-
Unspecified.
(2004).
"LHA multiple buffer overflows".
ISS.
http://xforce.iss.net/xforce/xfdb/16012.
-
- [25]
-
Unspecified.
(2004).
"Multiple directory traversal vulnerabilities in LHA".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0235.
-
- [26]
-
Unspecified.
(2004).
"Integer overflow in DUNZIP32.DLL for Microsoft Windows".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0575.
-
- [27]
-
Unspecified.
(2004).
"gzip gzexe script creates insecure temporary files".
ISS.
http://xforce.iss.net/xforce/xfdb/16506.
-
- [28]
-
Unspecified.
(2004).
"LHA metacharacter command execution".
ISS.
http://xforce.iss.net/xforce/xfdb/17198.
-
- [29]
-
Unspecified.
(2004).
"LHA extract_one buffer overflows".
ISS.
http://xforce.iss.net/xforce/xfdb/16196.
-
- [30]
-
Unspecified.
(2004).
"DGen ROM decompression symlink attack".
ISS.
http://xforce.iss.net/xforce/xfdb/16884.
-
- [31]
-
Unspecified.
(2004).
"LHA long pathname buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/16917.
-
- [32]
-
Unspecified.
(2004).
"zlib inflate and inflateback denial of service".
ISS.
http://xforce.iss.net/xforce/xfdb/17119.
-
- [33]
-
Unspecified.
(2004).
"Multiple vendor antivirus .zip bypass protection".
ISS.
http://xforce.iss.net/xforce/xfdb/17761.
-
- [34]
-
Unspecified.
(2004).
"unarj file name buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/18044.
-
- [35]
-
Unspecified.
(2004).
"Info-ZIP zip archive with long names buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/17956.
-
- [36]
-
Unspecified.
(2004).
"unarj file extraction directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/17684.
-
- [37]
-
Unspecified.
(2005).
"RealPlayer zipped RJS file buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/23025.
-
- [38]
-
Unspecified.
(2004).
"Multiple vendor antivirus .zip bypass protection".
ISS.
http://xforce.iss.net/xforce/xfdb/17761.
-
- [39]
-
Unspecified.
(2004).
"WinRAR zip file buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/18569.
-
- [40]
-
Unspecified.
(2004).
"Solaris gzip modify privileges of hard linked files".
ISS.
http://xforce.iss.net/xforce/xfdb/17577.
-
- [41]
-
Unspecified.
(2004).
"WinRAR Repair Archive unknown vulnerability".
ISS.
http://xforce.iss.net/xforce/xfdb/17937.
-
- [42]
-
Unspecified.
(2004).
"Clam AntiVirus RAR archive denial of service".
ISS.
http://xforce.iss.net/xforce/xfdb/15553.
-
- [43]
-
Unspecified.
(2004).
"F-Secure Anti-Virus password protected archive bypass antivirus protection".
ISS.
http://xforce.iss.net/xforce/xfdb/17944.
-
- [44]
-
Unspecified.
(2004).
"eTrust Antivirus could allow attacker to bypass file scan".
ISS.
http://xforce.iss.net/xforce/xfdb/15230.
-
- [45]
-
Unspecified.
(2004).
"MAILsweeper for SMTP RAR denial of service".
ISS.
http://xforce.iss.net/xforce/xfdb/14979.
-
- [46]
-
Unspecified.
(2004).
"AntiGen for Domino zip file can cause denial of service".
ISS.
http://xforce.iss.net/xforce/xfdb/15470.
-
- [47]
-
Unspecified.
(2004).
"F-Secure Anti-Virus LHA archive buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/16258.
-
- [48]
-
Unspecified.
(2004).
"F-Secure Anti-Virus ZIP archive bypass scanning".
ISS.
http://xforce.iss.net/xforce/xfdb/18217.
-
- [49]
-
Unspecified.
(2004).
"cabarc "dot dot" directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/17693.
-
- [50]
-
Unspecified.
(2005).
"Clam AntiVirus ZIP file denial of service".
ISS.
http://xforce.iss.net/xforce/xfdb/19181.
-
- [51]
-
Unspecified.
(2005).
"UnAce 'Ready for next volume' messages buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/19503.
-
- [52]
-
Unspecified.
(2005).
"UnAce "dot dot" directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/19436.
-
- [53]
-
Unspecified.
(2005).
"WinHKI ZIP directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/18798.
-
- [54]
-
Unspecified.
(2005).
"DivX Player directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/19030.
-
- [55]
-
Unspecified.
(2005).
"ZipGenius path disclosure".
ISS.
http://xforce.iss.net/xforce/xfdb/19203.
-
- [56]
-
Unspecified.
(2005).
"Winrar dot dot dot directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/20585.
-
- [57]
-
Unspecified.
(2005).
"Antivirus ARJ archive buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/19140.
-
- [58]
-
Unspecified.
(2005).
"Antivirus ARJ archive buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/19140.
-
- [59]
-
Unspecified.
(2005).
"McAfee AntiVirus Library stack buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/19433.
-
- [60]
-
Unspecified.
(2005).
"McAfee AntiVirus Library stack buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/19433.
-
- [61]
-
Unspecified.
(2005).
"HTTP Anti Virus Proxy cab and zip files bypass filtering".
ISS.
http://xforce.iss.net/xforce/xfdb/19868.
-
- [62]
-
Unspecified.
(2005).
"FileZilla Server zlib compression denial of service".
ISS.
http://xforce.iss.net/xforce/xfdb/19778.
-
- [63]
-
Unspecified.
(available).
"RHSA-2005:357 updates for gzip not installed".
ISS.
http://xforce.iss.net/xforce/xfdb/22637.
-
- [64]
-
Unspecified.
(2005).
"gzip -N command directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/20199.
-
- [65]
-
Unspecified.
(2005).
"Multiple Symantec AntiVirus products RAR file detection bypass".
ISS.
http://xforce.iss.net/xforce/xfdb/20294.
-
- [66]
-
Unspecified.
(2005).
"Sophos Anti-Virus BZIP2 denial of service".
ISS.
http://xforce.iss.net/xforce/xfdb/21373.
-
- [67]
-
Unspecified.
(2005).
"MailScanner .zip security bypass".
ISS.
http://xforce.iss.net/xforce/xfdb/20721.
-
- [68]
-
Unspecified.
(2005).
"zlib DoS (inftrees.h)".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1849.
-
- [69]
-
Unspecified.
(2001).
"Multiple vendor file archivers file extraction directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/10224.
-
- [70]
-
Unspecified.
(2005).
"Clam AntiVirus ENSURE_BITS function denial of service".
ISS.
http://xforce.iss.net/xforce/xfdb/21204.
-
- [71]
-
Unspecified.
(2005).
"zlib code table denial of service".
ISS.
http://xforce.iss.net/xforce/xfdb/21456.
-
- [72]
-
Unspecified.
(2006).
"BlackBerry Enterprise Server Attachment Service PNG buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/24063.
-
- [73]
-
Unspecified.
(2005).
"UnAce "dot dot" directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/19436.
-
- [74]
-
Unspecified.
(2005).
"avast! Antivirus ACE archives buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/21464.
-
- [75]
-
Unspecified.
(2005).
"Linux Kernel huft_build zlib denial of service".
ISS.
http://xforce.iss.net/xforce/xfdb/22170.
-
- [76]
-
Unspecified.
(2005).
"Linux Kernel huft_build zlib denial of service".
ISS.
http://xforce.iss.net/xforce/xfdb/22170.
-
- [77]
-
Unspecified.
(2005).
"Tar setuid restores owner file permissions".
ISS.
http://xforce.iss.net/xforce/xfdb/24253.
-
- [78]
-
Unspecified.
(2006).
"IBM Lotus Notes htmsr.dll HTML speed reader URL link buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/24639.
-
- [79]
-
Unspecified.
(2006).
"IBM Lotus Notes kvarcve.dll compressed file preview directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/24637.
-
- [80]
-
Unspecified.
(2005).
"RealPlayer zipped RJS file buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/23025.
-
- [81]
-
Unspecified.
(2005).
"HAURI compressed archives directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/21920.
-
- [82]
-
Unspecified.
(2005).
"HAURI compressed archives directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/21920.
-
- [83]
-
Unspecified.
(2005).
"HAURI vrAZace.dll library buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/22005.
-
- [84]
-
Unspecified.
(2006).
"ZipTV ARJ header buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/28785.
-
- [85]
-
Unspecified.
(2005).
"NOD32 ARJ archive buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/22203.
-
- [86]
-
Unspecified.
(2005).
"Avira Desktop for Windows ACE filename buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/24089.
-
- [87]
-
Unspecified.
(2005).
"AhnLab V3 Antivirus v3flt2k.sys scan driver allows attacker elevated privileges".
ISS.
http://xforce.iss.net/xforce/xfdb/22297.
-
- [88]
-
Unspecified.
(2005).
"7-Zip ARJ file buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/22396.
-
- [89]
-
Unspecified.
(2005).
"PowerArchiver ACE/ARJ filename buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/22429.
-
- [90]
-
Unspecified.
(2005).
"Kaspersky Antivirus cab heap overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/22497.
-
- [91]
-
Unspecified.
(2005).
"ALZip filename buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/22526.
-
- [92]
-
Unspecified.
(2005).
"Virus detection bypass in Kaspersky Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3210.
-
- [93]
-
Unspecified.
(2005).
"Virus detection bypass in BitDefender Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3211.
-
- [94]
-
Unspecified.
(2005).
"Virus detection bypass in F-Prot Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3213.
-
- [95]
-
Unspecified.
(2005).
"Virus detection bypass in Avast Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3214.
-
- [96]
-
Unspecified.
(2005).
"Virus detection bypass in McAfee Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3215.
-
- [97]
-
Unspecified.
(2005).
"Virus detection bypass in Sophos Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3216.
-
- [98]
-
Unspecified.
(2005).
"Virus detection bypass in Symantec Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3217.
-
- [99]
-
Unspecified.
(2005).
"Virus detection bypass in Dr.Web Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3218.
-
- [100]
-
Unspecified.
(2005).
"Virus detection bypass in Avira Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3219.
-
- [101]
-
Unspecified.
(2005).
"Virus detection bypass in Norman Virus Control Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3220.
-
- [102]
-
Unspecified.
(2005).
"Virus detection bypass in Fortinet Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3221.
-
- [103]
-
Unspecified.
(2005).
"Virus detection bypass in VBA32 Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3222.
-
- [104]
-
Unspecified.
(2005).
"Virus detection bypass in Rising Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3223.
-
- [105]
-
Unspecified.
(2005).
"Virus detection bypass in AntiVir Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3224.
-
- [106]
-
Unspecified.
(2005).
"Virus detection bypass in (1) eTrust-Iris and (2) eTrust-Vet Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3225.
-
- [107]
-
Unspecified.
(2005).
"Virus detection bypass in ArcaVir Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3226.
-
- [108]
-
Unspecified.
(2005).
"Virus detection bypass in UNA Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3227.
-
- [109]
-
Unspecified.
(2005).
"Virus detection bypass in Ikarus AntiVirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3228.
-
- [110]
-
Unspecified.
(2005).
""Virus detection bypass in ClamAV Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3229.
-
- [111]
-
Unspecified.
(2005).
"Virus detection bypass in Panda Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3230.
-
- [112]
-
Unspecified.
(2005).
"Virus detection bypass in CAT Quick Heal".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3231.
-
- [113]
-
Unspecified.
(2005).
"Virus detection bypass in TheHacker".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3232.
-
- [114]
-
Unspecified.
(2005).
"Virus detection bypass in Trustix Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3233.
-
- [115]
-
Unspecified.
(2005).
"Virus detection bypass in Grisoft AVG Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3234.
-
- [116]
-
Unspecified.
(2005).
"Virus detection bypass in Proland Protector Plus 2000 Antivirus".
Mitre.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3235.
-
- [117]
-
Unspecified.
(2005).
"WinRAR unacev2.dll ACE archive buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/23955.
-
- [118]
-
Unspecified.
(2005).
"ZipGenius filename buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/22832.
-
- [119]
-
Unspecified.
(2005).
"F-Prot Antivirus ZIP files can bypass protection".
ISS.
http://xforce.iss.net/xforce/xfdb/22967.
-
- [120]
-
Unspecified.
(2005).
"Clam Antivirus tnef_attachment function denial of service".
ISS.
http://xforce.iss.net/xforce/xfdb/22964.
-
- [121]
-
Unspecified.
(2005).
"Clam Antivirus cabd_find function denial of service".
ISS.
http://xforce.iss.net/xforce/xfdb/22965.
-
- [122]
-
Unspecified.
(2005).
"SpeedProject multiple products lstrcat() ZIP file buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/23249.
-
- [123]
-
Unspecified.
(2005).
"Panda Antivirus library ZOO file buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/23276.
-
- [124]
-
Unspecified.
(2005).
"Symantec AntiVirus Library RAR parsing multiple buffer overflows".
ISS.
http://xforce.iss.net/xforce/xfdb/23705.
-
- [125]
-
Unspecified.
(2005).
"TUGZip ARJ archive buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/23915.
-
- [126]
-
Unspecified.
(2006).
"Sophos Anti-Virus ARJ file scanning detection bypass".
ISS.
http://xforce.iss.net/xforce/xfdb/24345.
-
- [127]
-
Unspecified.
(2006).
"GNU Tar PAX extended headers buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/24855.
-
- [128]
-
Unspecified.
(2006).
"F-Secure Anti-Virus ZIP file buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/24198.
-
- [129]
-
Unspecified.
(2006).
"F-Secure Anti-Virus RAR and ZIP file scan detection bypass".
ISS.
http://xforce.iss.net/xforce/xfdb/24199.
-
- [130]
-
Unspecified.
(2006).
"WinAce ARJ header buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/24872.
-
- [131]
-
Unspecified.
(2006).
"zoo misc.c fullpath() buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/24904.
-
- [132]
-
Unspecified.
(2006).
"SpeedProject .ZIP and .JAR archives directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/24909.
-
- [133]
-
Unspecified.
(2006).
"Stuffit and ZipMagic archive directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/24886.
-
- [134]
-
Unspecified.
(2006).
"PEAR::Archive_Zip dot dot directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/24972.
-
- [135]
-
Unspecified.
(2006).
"WinAce .RAR and .TAR directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/24902.
-
- [136]
-
Unspecified.
(2006).
"Sophos Anti-Virus CAB file parsing buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/26305.
-
- [137]
-
Unspecified.
(2006).
"zoo parse.c parse() buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/25264.
-
- [138]
-
Unspecified.
(2006).
"WinHKI archive extraction directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/25335.
-
- [139]
-
Unspecified.
(2006).
"TUGZip archive directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/25713.
-
- [140]
-
Unspecified.
(2006).
"IZArc extract error directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/26039.
-
- [141]
-
Unspecified.
(2006).
"SpeedProject multiple products ACE buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/26115.
-
- [142]
-
Unspecified.
(2006).
"Abakt ZIP buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/26435.
-
- [143]
-
Unspecified.
(2006).
"VeriSign I-Nav VUpdater.Install ActiveX control code execution".
ISS.
http://xforce.iss.net/xforce/xfdb/26375.
-
- [144]
-
Unspecified.
(2006).
"ZipCentral ZIP archive filename buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/26737.
-
- [145]
-
Unspecified.
(2006).
"ZipTV ARJ header buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/28785.
-
- [146]
-
Unspecified.
(2006).
"BitZipper extract directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/26626.
-
- [147]
-
Unspecified.
(2006).
"PicoZip zipinfo.dll buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/27096.
-
- [148]
-
Unspecified.
(2006).
"Filzip archive directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/27027.
-
- [149]
-
Unspecified.
(2006).
"QuickZip extract directory traversal".
ISS.
http://xforce.iss.net/xforce/xfdb/27474.
-
- [150]
-
Unspecified.
(2006).
"AutoVue SolidModel Professional archive filename buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/27968.
-
- [151]
-
Unspecified.
(2006).
"Apple Mac OS X BOMArchiveHelper BOMFileClose() .zip archive buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/28138.
-
- [152]
-
Unspecified.
(2006).
"MIMEsweeper for Web RAR archive Web Policy Engine denial of service".
ISS.
http://xforce.iss.net/xforce/xfdb/27643.
-
- [153]
-
Unspecified.
(2006).
"WinRAR LHA archive buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/27815.
-
- [154]
-
Unspecified.
(2006).
"Microsoft Internet Explorer HTTP 1.1 compression long URL buffer overflow variant".
ISS.
http://xforce.iss.net/xforce/xfdb/28893.
-
- [155]
-
Unspecified.
(2006).
"MailGate Email Firewall LHA extended-header filename buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/27942.
-
- [156]
-
Unspecified.
(2006).
"PowerArchiver add buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/27939.
-
- [157]
-
Unspecified.
(2006).
"Lhaplus LZH archive extended header buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/28102.
-
- [158]
-
Unspecified.
(2006).
"Lhaz long LZH filename buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/28282.
-
- [159]
-
Unspecified.
(2006).
"gzip huft_build() code execution".
ISS.
http://xforce.iss.net/xforce/xfdb/29038.
-
- [160]
-
Unspecified.
(2006).
"gzip LZH array code execution".
ISS.
http://xforce.iss.net/xforce/xfdb/29040.
-
- [161]
-
Unspecified.
(2006).
"gzip unpack.c buffer underflow".
ISS.
http://xforce.iss.net/xforce/xfdb/29042.
-
- [162]
-
Unspecified.
(2006).
"gzip LZH array code execution".
ISS.
http://xforce.iss.net/xforce/xfdb/29040.
-
- [163]
-
Unspecified.
(2006).
"gzip LZH array code execution".
ISS.
http://xforce.iss.net/xforce/xfdb/29040.
-
- [164]
-
Unspecified.
(2006).
"PowerZip filename buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/28534.
-
- [165]
-
Unspecified.
(2006).
"Dr. Web LHA archive buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/29069.
-
- [166]
-
Unspecified.
(2006).
"Compression Plus ZOO buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/28693.
-
- [167]
-
Unspecified.
(2006).
"avast! LHA archive buffer overflow".
ISS.
http://xforce.iss.net/xforce/xfdb/28824.
[This page is CSS2 enabled. Your browser might not fully support it]
|