Total Commander unacev2.dll Buffer Overflow Vulnerability
Moderators: white, Hacker, petermad, Stefan2
-
- Junior Member
- Posts: 67
- Joined: 2003-02-09, 23:38 UTC
Total Commander unacev2.dll Buffer Overflow Vulnerability
Total Commander unacev2.dll Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA19454
VERIFY ADVISORY:
http://secunia.com/advisories/19454/
If already posted - please dis-regard
captjlddavis
SECUNIA ADVISORY ID:
SA19454
VERIFY ADVISORY:
http://secunia.com/advisories/19454/
If already posted - please dis-regard
captjlddavis
- majkinetor !
- Power Member
- Posts: 1580
- Joined: 2006-01-18, 07:56 UTC
- Contact:
Updating to version >6.54 is a solution too.
DR...Quote from the website secunia:
Solution:
Update to version 6.54 or later.
http://www.ghisler.com/download.htm
#106383 Windows 10 Pro 64-bit
- ghisler(Author)
- Site Admin
- Posts: 48093
- Joined: 2003-02-04, 09:46 UTC
- Location: Switzerland
- Contact:
Indeed this DLL is from the original ACE author, and used as a "black box" by Total Commander. I have updated it in TC6.54 because of this vulnerability.
Author of Total Commander
https://www.ghisler.com
https://www.ghisler.com
Upgrade
We use 6.54a! This version is released at feb.06.06.
The information we have is dated april 03.06
http://www.securiteam.com/windowsntfocus/5JP030UIAE.html
So this article is outdated?
The information we have is dated april 03.06
http://www.securiteam.com/windowsntfocus/5JP030UIAE.html
So this article is outdated?
2GuusQu
IMHO it's better when a security problem is fixed before a problem is made public. After the bug has been fixed you could read on some security pages that there is a security issue with older versions (6.53 and older).
Read here:
http://secunia.com/advisories/19454/
You can verify that the problem is solved by testing the example archive on the page you linked to.
It just doesn't apply to 6.54. They write that it applies to 6.x but this is wrong. The answer to your question is yes it is outdated.So this article is outdated?
IMHO it's better when a security problem is fixed before a problem is made public. After the bug has been fixed you could read on some security pages that there is a security issue with older versions (6.53 and older).
Read here:
http://secunia.com/advisories/19454/
You can verify that the problem is solved by testing the example archive on the page you linked to.
Last edited by Lefteous on 2006-06-13, 07:01 UTC, edited 1 time in total.