Total Commander unacev2.dll Buffer Overflow Vulnerability

captjlddavis
Junior Member
Posts: 67
Joined: 2003-02-09, 23:38 UTC

Post by *captjlddavis »

Total Commander unacev2.dll Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA19454

VERIFY ADVISORY:
http://secunia.com/advisories/19454/

If already posted, please disregard.

captjlddavis
majkinetor !
Power Member
Posts: 1580
Joined: 2006-01-18, 07:56 UTC

Post by *majkinetor ! »

Thx for this info.

I am going to shut down the internal ACE packer.
Habemus majkam!
DarkRuleR
Member
Posts: 190
Joined: 2003-02-20, 22:23 UTC
Location: Netherlands

Post by *DarkRuleR »

Updating to version >6.54 is a solution too.
Quote from the website secunia:

Solution:
Update to version 6.54 or later.
http://www.ghisler.com/download.htm
DR...
#106383 Windows 10 Pro 64-bit
ghisler(Author)
Site Admin
Posts: 48093
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) »

Indeed this DLL is from the original ACE author, and used as a "black box" by Total Commander. I have updated it in TC6.54 because of this vulnerability.
Author of Total Commander
https://www.ghisler.com
GuusQu
Junior Member
Posts: 3
Joined: 2006-06-13, 05:58 UTC

Post by *GuusQu »

ghisler(Author) wrote: Indeed this DLL is from the original ACE author, and used as a "black box" by Total Commander. I have updated it in TC6.54 because of this vulnerability.
Is there an official statement about this?
In our company they will ban Total Commander because of this!!!
Lefteous
Power Member
Posts: 9535
Joined: 2003-02-09, 01:18 UTC
Location: Germany

Post by *Lefteous »

2GuusQu
GuusQu wrote: Is there an official statement about this?
Yes, the statement you quoted is an official statement.
GuusQu wrote: In our company they will ban Total Commander because of this!!!
Maybe your company should just upgrade to 6.54 instead of banning the program.
GuusQu
Junior Member
Posts: 3
Joined: 2006-06-13, 05:58 UTC

Upgrade

Post by *GuusQu »

We use 6.54a! This version was released on feb.06.06.

The information we have is dated April 03.06
http://www.securiteam.com/windowsntfocus/5JP030UIAE.html

So this article is outdated?
Lefteous
Power Member
Posts: 9535
Joined: 2003-02-09, 01:18 UTC
Location: Germany

Post by *Lefteous »

2GuusQu
GuusQu wrote: So this article is outdated?
It just doesn't apply to 6.54. They write that it applies to 6.x, but this is wrong. The answer to your question is yes, it is outdated.

IMHO it's better when a security problem is fixed before a problem is made public. After the bug has been fixed you could read on some security pages that there is a security issue with older versions (6.53 and older).

Read here:
http://secunia.com/advisories/19454/

You can verify that the problem is solved by testing the example archive on the page you linked to.
Last edited by Lefteous on 2006-06-13, 07:01 UTC, edited 1 time in total.
GuusQu
Junior Member
Posts: 3
Joined: 2006-06-13, 05:58 UTC

Post by *GuusQu »

Thanks for the fast response! I'll drop it in the organisation ...
regards,
Guus