Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Windows >> Compression Plus Zoo Archive Processing Buffer Overflow Vulnerability


Vulnerability Assessment Details

Compression Plus Zoo Archive Processing Buffer Overflow Vulnerability

Vulnerability Assessment Summary
Checks version of Compression Plus' cp5dll32.dll

Detailed Explanation for this Vulnerability Assessment

Summary :

There is a library file installed on the remote Windows host that is
affected by a buffer overflow vulnerability.

Description :

The version of the Compression Plus toolkit installed on the remote
host contains a DLL that reportedly is prone to a stack-based overflow
when processing specially-crafted ZOO files. Exploitation depends on
how the toolkit is used, especially with third-party products.

See also :

http://www.mnin.org/advisories/2006_cp5_tweed.pdf
http://www.becubed.com/downloads/compfix.txt
https://kb1.tumbleweed.com/article.asp?article=4175&p=2

Solution :

Contact the vendor for a fix or upgrade Cp5dll32.dll to version
5.0.1.28 or later.

Network Security Threat Level:

Medium / CVSS Base Score : 5.6
(AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)

Networks Security ID: 19796

Vulnerability Assessment Copyright: This script is Copyright (C) 2006-2007 Tenable Network Security

Cables, Connectors

SIEMENS 7366100615: C/T CPU Memory Carrier Board Dual Processors RM600E
$98.89
SIEMENS 7366100615: C/T CPU Memory Carrier Board Dual Processors RM600E picture120MM Large Air Flow 4 Pin Interface DC 12V Chassis Fan CPU Cooling Fan Cooler~T
$2.63
120MM Large Air Flow 4 Pin Interface DC 12V Chassis Fan CPU Cooling Fan Cooler~T pictureIntel Xeon X5690 3.46GHz Six Core (BX80614X5690) Processor
$125.0
Intel Xeon X5690 3.46GHz Six Core (BX80614X5690) Processor pictureAMD Ryzen 7 1700X 8 Core 16Threads Socket AM4 95W 3.4GHz 3.8Ghz 4MB Processor
$369.99
AMD Ryzen 7 1700X 8 Core 16Threads Socket AM4 95W 3.4GHz 3.8Ghz 4MB Processor picture


Discussions

No Discussions have been posted on this vulnerability.