Zero-day Vulnerability Database

Change view

Zero-day vulnerabilities discovered: 1

Remote code execution in Compress::Raw::Zlib Perl module
CVE-2009-1391

Off-by-one error

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to off-by-one error in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017 when processing specially crafted zlib archives. A remote attacker can pass a specially crafted zlib archive to vulnerable application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation may allow an attacker to compromise vulnerable system.

Note: this vulnerability is being actively exploited in the wild against AMaViS and SpamAssassin, which use vulnerable Perl module.
i

The vulnerability was exploited in the wild against AMaViS and SpamAssassin using email messages with malicious attachments.

Software: Compress::Raw::Zlib

Known/fameous malware:

Win-Trojan/Downloader.32768.QT
TR/Crypt.XPACK.Gen
Trojan.Downloader-71014
Trojan.DownLoad.37569
Trojan-Downloader.Win32.Agent.cdir
TrojanDownloader:Win32/Cbeplay.gen!A
Mal/EncPk-FO
TROJ_CBEPLAY.A

The vulnerability was exploited in the wild against AMaViS and SpamAssassin using email messages with malicious attachments.