CVE-2008-4779

Tguzip - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to denial of service (crash) or execute arbitrary code via a long filename in a .zip file.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/17967

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Lincoln · perllocalwindows

https://www.exploit-db.com/exploits/12008

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by fl0 fl0w · c++localwindows

https://www.exploit-db.com/exploits/6831

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by Stefan Marin, Lincoln · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/tugzip.rb

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://secunia.com/advisories/32411

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/46120

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31913

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6831

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/2918

[Third Party Advisory] http://securityreason.com/securityalert/4528

Scores

EPSS 0.7879

EPSS Percentile 99.1%

Details

CWE

CWE-119

Status published

Products (1)

tguzip/tguzip 3.5.5.0.0

Published Oct 29, 2008

Tracked Since Feb 18, 2026