DynaZip < / Zip Archive Handling Multiple Overflows

This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains a library that is affected by several
buffer overflow vulnerabilities.

Description :

The version of the DynaZip Max or DynaZip Max Secure installed on the
remote host contains a DLL that reportedly is prone to stack-based
overflows when repairing or updating a specially crafted ZIP file.
Successful exploitation allows an attacker to execute arbitrary code
on the affected host subject to the user's privileges.

Note that DynaZip libraries are included in some third-party
applications to provide support for handling ZIP files.

See also :


Solution :

Either upgrade to DynaZip Max / DynaZip Max Secure or
later or contact the appropriate vendor for a fix.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 22312 (dynazip_5008.nasl)

Bugtraq ID: 19143

CVE ID: CVE-2006-3985

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now