Info-ZIP Zip Remote Recursive Directory Compression Buffer Overflow Vulnerability

A remote buffer overflow vulnerability reportedly affects Info-ZIP Zip when it compresses directories recursively. The issue arises because the application does not sufficiently verify buffer boundaries before copying user-supplied data.

Successful exploitation of this issue would allow an attacker to execute arbitrary code on the affected computer with the privileges of a user running the affected application. This issue would likely facilitate unauthorized access or privilege escalation.

Reports from Harry Johnston indicate that the OraClient 10g component of Oracle Database Server 10g incorporates a vulnerable version of Info-ZIP Zip and is therefore vulnerable to this issue.
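
The boundary verification the advisory says is missing, shown as an added example. It is not Info-ZIP's code. It assumes the user-supplied data is the path name accumulated while recursing into nested directories (the advisory does not name the buffer), and `PATH_CAP`, `push_component` and `first_rejected_level` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define PATH_CAP 64  /* constructed, deliberately small so the sample trips it */

/* Append "/name" to the path held in buf (current length *len, capacity cap).
 * Returns 0 on success, -1 if separator + name + NUL would not fit.
 * On failure buf and *len are left untouched. */
static int push_component(char *buf, size_t cap, size_t *len, const char *name)
{
    size_t n = strlen(name);
    size_t sep = (*len > 0) ? 1 : 0;

    /* Require *len + sep + n + 1 <= cap, phrased so no sum can wrap. */
    if (n >= cap || *len + sep >= cap - n)
        return -1;
    if (sep)
        buf[(*len)++] = '/';
    memcpy(buf + *len, name, n + 1);  /* n + 1 copies the terminating NUL */
    *len += n;
    return 0;
}

/* Simulate recursing `depth` levels into directories that are all called
 * `name`. Returns the first level (1-based) whose path is rejected, or 0
 * if every level fits. No filesystem access is performed. */
static int first_rejected_level(const char *name, int depth)
{
    char path[PATH_CAP] = "";
    size_t len = 0;

    for (int level = 1; level <= depth; level++) {
        if (push_component(path, sizeof path, &len, name) != 0)
            return level;  /* caller should skip this subtree and report it */
    }
    return 0;
}

int main(void)
{
    /* Constructed input: ten nested directories with 9-character names. */
    int level = first_rejected_level("aaaaaaaaa", 10);
    printf("path rejected at nesting level %d\n", level);
    return 0;
}
```

The length check runs before any byte is written, so an overlong nested path is refused at the level where it would first exceed the buffer instead of being copied past its end.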


 

Copyright 2010, SecurityFocus