full-disclosure-uk May 2007 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] [vuln.sg] yEnc32 Decoder L

[Full-disclosure] [vuln.sg] yEnc32 Decoder Long Filename Buffer Overflow Vulnerability

From: TAN Chew Keong <vulnpost-remove_at_nospam>
Date: Sat May 12 2007 - 02:56:00 GMT
To: full-disclosure@lists.grok.org.uk


[vuln.sg] Vulnerability Research Advisory

yEnc32 Decoder Long Filename Buffer Overflow Vulnerability

by Tan Chew Keong
Release Date: 2007-05-12

Summary



A vulnerability has been found in yEnc32. When exploited, the vulnerability allows execution of arbitrary code when the user decodes a specially crafted yEnc encoded file.

Tested Versions



yEnc32 version 1.0.7.207

Details



http://vuln.sg/yenc32-107-en.html
http://vuln.sg/yenc32-107-jp.html

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/