WinAce UUE File Decompression Buffer Overflow Date: Tuesday, December 25, 2007 @ 17:37:46 CST Topic: Security SECUNIA ADVISORY ID: SA28215 VERIFY ADVISORY: http://secunia.com/advisories/28215/ CRITICAL: Highly critical IMPACT: System access SOFTWARE: WinAce 2.x - http://secunia.com/product/4231/ DESCRIPTION: A vulnerability has been reported in WinAce, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when decompressing UUE files and can be exploited to cause a heap-based buffer overflow via a specially crafted UUE file containing an overly long filename. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 2.65. Other versions may also be affected. SOLUTION: Update to version 2.69. - http://www.winace.com/down.html PROVIDED AND/OR DISCOVERED BY: Fourteenforty Research Institute ORIGINAL ADVISORY: http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20071225 OTHER REFERENCES: JVN: http://jvn.jp/jp/JVN%2344736880/index.html This article comes from Ravens PHP Scripts https://www.ravenphpscripts.com The URL for this story is: https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3180