CVE-2005-3862

unalz - Buffer Overflow via Long File Names in ALZ Archives

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3862. PoCs published by Ulf Harnhammar.

AI-analyzed exploit summary This Perl script generates a malicious ALZ archive with an overly long filename to trigger a buffer overflow in the 'unalz' utility. The exploit leverages the vulnerability to potentially execute arbitrary code when the archive is extracted.

Description

Buffer overflow in unalz before 0.53 allows remote attackers to execute arbitrary code via long file names in ALZ archives.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ulf Harnhammar · perldoslinux

https://www.exploit-db.com/exploits/26601

View Code ZIP pw:eip

This Perl script generates a malicious ALZ archive with an overly long filename to trigger a buffer overflow in the 'unalz' utility. The exploit leverages the vulnerability to potentially execute arbitrary code when the archive is extracted.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: unalz utility (version not specified)

No auth needed

Prerequisites: Perl interpreter · Ability to deliver the malicious ALZ archive to the target

MITRE ATT&CK