Winace UnAce ACE Archive Multiple Remote Buffer Overflow Vulnerabilities

Winace UnAce ACE Archive Multiple Remote Buffer Overflow Vulnerabilities

Multiple remotely exploitable client-side buffer-overflow vulnerabilities reportedly affect WinAce unace. These issues are due to the application's failure to properly validate the length of user-supplied strings before copying them into static process buffers.

An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

**Update: Versions 2.x of unace are reportedly affected by one of these issues as well. The vulnerability has been confirmed in 2.04, 2.2, and 2.5.