Beyond Compare < 3.1.11 Zip File Buffer Overflow

medium Nessus Network Monitor Plugin ID 5529

Synopsis

The remote host contains an application that is vulnerable to a buffer overflow attack.

Description

The remote host contains Beyond Compare, a file comparison application. The installed version of Beyond Compare is earlier than 3.1.11. Such version are potentially affected by a buffer overflow vulnerability when handling zip files with an overly large filename. An attacker, exploiting this flaw, could potentially execute arbitrary code on the remote host subject to the privileges of the user running the application.

Solution

Upgrade to Beyond Compare 3.1.11 or later.

See Also

http://www.nessus.org/u?8ad65be8

Plugin Details

Severity: Medium

ID: 5529

Family: Web Clients

Published: 5/6/2010

Updated: 3/6/2019

Nessus ID: 46242

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

Patch Publication Date: 4/28/2010

Vulnerability Publication Date: 4/5/2010

Reference Information

BID: 39907