Vendor: GetRight
By: ATmaCA
CVSS: 7.5 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: GetRight
Affected Version From: GetRight 5.2a
Affected Version To: 5.2a
Patch Exists: NO
Platforms Tested:
2004

GetRight Skin File (*.grs) Buffer Overflow May Let Remote Users Run Arbitrary Code

A remote user can create a malicious skin file (*.grs) that, when loaded by the target user, will trigger a buffer overflow in DUNZIP32.DLL (4.0.0.3) and potentially execute arbitrary code.

Mitigation:

No response available

Exploit-DB raw data:

GetRight Skin File (*.grs) Buffer Overflow May Let Remote Users Run Arbitrary
Code

Application:  GetRight
             Headlight Software
             www.getright.com

Author:
ATmaCA <atmaca@prohack.net>

A remote user can create a malicious skin file (*.grs) that, when loaded by the
target user, will trigger a buffer overflow in DUNZIP32.DLL (4.0.0.3) and
potentially execute arbitrary code.

AFFECTED VERSION:
Versions verified to be vulnerable:
GetRight 5.2a and prior versions are affected.

Solutions:
There was no response.

Exploit:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/677.grs (c_skin.grs)
When you copy or click this link, GetRight automatically downloads and tries to load
the crafted skin and will trigger a buffer overflow.

# milw0rm.com [2004-12-06]