Title : CHMlib "chm_find_in_PMGL" CHM File Handling Buffer Overflow Issues
VUPEN ID : VUPEN/ADV-2005-2249
CVE ID : CVE-2005-2930 - CVE-2005-2659
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-10-31
Technical Description
Two vulnerabilities were identified in CHMlib, which could be exploited by attackers to execute arbitrary commands.
The first flaw is a buffer overflow in the "chm_find_in_PMGL" function [chm_lib.c], which does not properly handle specially crafted CHM/ITSF files. Remote attackers could exploit it to execute arbitrary commands by convincing a user to open a malformed CHM file.
The second issue is due to an unspecified buffer overflow error when performing LZX decompression, which could be exploited by attackers to execute arbitrary commands.