Beyond Compare < 3.1.11 Zip File Buffer Overflow

Medium Nessus Network Monitor Plugin ID 5529

Synopsis

The remote host contains an application that is vulnerable to a buffer overflow attack.

Description

The remote host contains Beyond Compare, a file comparison application. The installed version of Beyond Compare is earlier than 3.1.11. Such version are potentially affected by a buffer overflow vulnerability when handling zip files with an overly large filename. An attacker, exploiting this flaw, could potentially execute arbitrary code on the remote host subject to the privileges of the user running the application.

Solution

Upgrade to Beyond Compare 3.1.11 or later.

See Also

http://www.nessus.org/u?8ad65be8

Plugin Details

Severity: Medium

ID: 5529

File Name: 5529.prm

Family: Web Clients

Published: 2010/05/06

Modified: 2016/02/05

Dependencies: 1735, 8314

Nessus ID: 46242

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

CVSSv3

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:U/RC:X

Vulnerability Information

Patch Publication Date: 2010/04/28

Vulnerability Publication Date: 2010/04/05

Reference Information

BID: 39907