CVE-2010-1685

CursorArts ZipWrangler 1.20 - Stack-Based Buffer Overflow via Long Filename in ZIP File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1685. PoCs published by TecR0c & Sud0.

AI-analyzed exploit summary This exploit targets a SEH overflow vulnerability in ZipWrangler 1.20 by crafting a malicious .zip file with a payload that overwrites the SEH handler and executes arbitrary shellcode. The exploit leverages a specific address in rpcrt4.dll to bypass error handling and achieve remote code execution.

Description

Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename.

Exploits (1)

exploitdb WORKING POC VERIFIED
by TecR0c & Sud0 · perllocalwindows
https://www.exploit-db.com/exploits/12368

This exploit targets a SEH overflow vulnerability in ZipWrangler 1.20 by crafting a malicious .zip file with a payload that overwrites the SEH handler and executes arbitrary shellcode. The exploit leverages a specific address in rpcrt4.dll to bypass error handling and achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: ZipWrangler 1.20
No auth needed
Prerequisites: Victim must open the malicious .zip file with ZipWrangler 1.20
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

EPSS 0.0514
EPSS Percentile 91.3%

Details

CWE
CWE-119
Status published
Products (1)
cursorarts/zipwrangler 1.20
Published May 04, 2010
Tracked Since Feb 18, 2026