TUGZip is vulnerable to a stack buffer overflow due to improper parsing of the filename parameter within zip file if an overly long filename is provided. The exploit is triggered when the user opens the malicious ZIP file using from the windows explorer or from the main interface of the program. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by opening the file.
CVE Link
Exploit Platform
Exploit Type
Product Name