Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1315

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2015-1315
Last Modified 24 Feb 2015 12:04:45
Published 23 Feb 2015 12:59:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1315

Summary

Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 12.04

  • Canonical Ubuntu Linux 14.04

  • Canonical Ubuntu Linux 14.10

Application

  • Info-zip Unzip 6.10b


References

MISC - https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961/comments/120

UBUNTU - USN-2502-1

MLIST - [oss-security] 20150217 CVE-2015-1315 - Info-ZIP UnZip - Out-of-bounds Write

MISC - http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write.txt


Last Updated: 27 May 2016 11:07:54