[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability
- To: Derek Soeder <dsoeder@xxxxxxxx>
- Subject: Re: [Full-Disclosure] EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability
- From: bipin gautam <visitbipin@xxxxxxxxx>
- Date: Thu, 14 Oct 2004 06:56:42 -0700 (PDT)
>---Description---
>Win xp default zip manager can't handle long file
names properly...
>
>---Bug Demonstration---
>Create a new file with very long file name... in your
c: [ say:
>1.111111111111111111111111111111111111111111111111111111111111111111111111
>11111111111111111111111111111111111111111111111111111111111111111111111111
>11111111111111111111111111111111111111111111111111111111111111111111111111
>11111111111111111111111111111 ]
>
>[or, download]
http://www.geocities.com/visitbipin/zip_long.zip
>
>Windows xp will easily allow you to create that file,
now zip the file [
>above mentioned ie 1.11111111111111111111* ] using
winxp default zip
>manager, [say, the new file created is 1.zip]
>But strangely, if you open the file [1.zip] with
windows explorer [ie
>view it's content] You can neither see a file name
nor its extension in
>the archive but simply its icon only!
>
>Moreover, windows xp doesn't allow you to delete the
long file created in
>the above example, through GUI mode [...have to use
command prompt] and
>end up with an error Can't delete 1 : The folder is
empty. [actually its
>a file!]
http://www.securityfocus.com/archive/1/336994
*appaulse*
before, microsoft discarded this report as a
non-security issue. Maybe, my english was too poor at
that time.
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html