CVE-2007-6537
WinUAE <= 1.4.4 - Stack-based Buffer Overflow via Long Filename in Gzipped Archive
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-6537. PoCs published by Luigi Auriemma.
AI-analyzed exploit summary: This exploit targets a stack-based buffer overflow in WinUAE <= 1.4.4 by crafting a malicious ADZ file with an oversized filename field. The overflow occurs during gunzip decompression, allowing arbitrary code execution or denial-of-service.
Description
Stack-based buffer overflow in the zfile_gunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive, such as a (1) gz, (2) adz, (3) roz, or (4) hdz archive in a compressed floppy disk image.
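For defenders triaging gz, adz, roz or hdz files before they reach an emulator, the following added example (not code from this page or from WinUAE) reads the optional filename field of a gzip header as laid out in RFC 1952 and rejects files whose name is over-long or unterminated. The function names and the 255-byte `MAX_NAME` limit are assumptions made for the example; the page does not state the size of the affected buffer.

```python
import struct

GZIP_MAGIC = b"\x1f\x8b"
FEXTRA, FNAME = 0x04, 0x08   # FLG bits defined in RFC 1952
MAX_NAME = 255               # assumed policy limit; the page gives no buffer size


def gzip_fname(data: bytes):
    """Return the raw FNAME bytes of a gzip header, or None if FNAME is unset.

    Raises ValueError for non-gzip input, a truncated header, or a name
    that is not NUL-terminated.
    """
    if len(data) < 10 or data[:2] != GZIP_MAGIC:
        raise ValueError("not a gzip member")
    flags, pos = data[3], 10     # 10-byte fixed header: ID, CM, FLG, MTIME, XFL, OS
    if flags & FEXTRA:           # optional extra field sits before the name
        if len(data) < pos + 2:
            raise ValueError("truncated FEXTRA field")
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if pos > len(data):
            raise ValueError("truncated FEXTRA field")
    if not flags & FNAME:
        return None
    end = data.find(b"\x00", pos)
    if end == -1:
        raise ValueError("unterminated FNAME field")
    return data[pos:end]


def triage(data: bytes, limit: int = MAX_NAME) -> str:
    """Verdict for one file: 'ok' or 'reject: <reason>'."""
    try:
        name = gzip_fname(data)
    except ValueError as exc:
        return f"reject: {exc}"
    if name is not None and len(name) > limit:
        return f"reject: FNAME is {len(name)} bytes (limit {limit})"
    return "ok"


def sample_header(name: bytes, extra: bytes = b"") -> bytes:
    """Constructed test input: a gzip header only, with no deflate body."""
    flags = FNAME | (FEXTRA if extra else 0)
    head = GZIP_MAGIC + bytes([8, flags]) + bytes(4) + b"\x00\x03"
    if extra:
        head += struct.pack("<H", len(extra)) + extra
    return head + name + b"\x00"
```

Because the check only inspects the header, it can run on the first few kilobytes of a file without decompressing anything.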