[vuln.sg] Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [vuln.sg] Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability
From: vulnpost-remove@xxxxxxx
Date: 1 Aug 2006 00:52:15 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

[vuln.sg] Vulnerability Research Advisory

Lhaplus LHA Extended Header Handling Buffer Overflow Vulnerability

by Tan Chew Keong
Release Date: 2006-07-31

Summary
-------
A vulnerability has been found in Lhaplus. When exploited, the vulnerability 
allows execution of arbitrary code when the user extracts a malicious LZH 
archive.

Tested Version
--------------
Lhaplus version 1.52 (Japanese)

Details
-------
http://vuln.sg/lhaplus152-en.html

Prev by Date: [SECURITY] [DSA 1133-1] New mantis packages fix execution of arbitrary web script code
Next by Date: [ MDKSA-2006:135 ] - Updated freeciv packages fix DoS vulnerabilities
Previous by thread: [SECURITY] [DSA 1133-1] New mantis packages fix execution of arbitrary web script code
Next by thread: [ MDKSA-2006:135 ] - Updated freeciv packages fix DoS vulnerabilities
Index(es):
- Date
- Thread