• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

InnerMedia DynaZip Remote Stack Based Buffer Overflow Vulnerability

DynaZip is susceptible to a stack-based buffer-overflow vulnerability. This issue is due to the library's failure to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

A remote attacker may exploit this vulnerability to execute arbitrary instructions in the context of an application that uses the affected library.

The following applications are known to include vulnerable versions of the affected library:

- RealPlayer for Microsoft Windows
- RealOne Player for Microsoft Windows
- CheckMark Payroll 2004/2005.

Other applications also likely include the vulnerable library.