[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Microsoft Windows default ZIP handler bug

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Microsoft Windows default ZIP handler bug
From: "Kristian Erik Hermansen" <kristian.hermansen@xxxxxxxxx>
Date: Mon, 15 Oct 2007 01:19:31 -0700

I tested this on three Windows XP machines and was able to make them
all crash.  There is an issue with the way Microsoft's default
compressed file handler deals with embedded compressed files.  I don't
have much time to investigate further, since I am in Atlanta all this
week for SPICON and don't have any tools on my corp laptop :-(
However, I put together a Flash video showing the bug.  It may not be
exploitable, but I also haven't been keeping up with the latest bad
pointer / alternate code path research stuff.  Maybe someone can do
some ninjitsu code exec using this...

Video:
http://kristian-hermansen.com/hacks/microsoft-windows-default-compressed-file-handler-crasher-2.swf

File:
http://kristian-hermansen.com/hacks/IIIIIIIIJJJJJJJJKKKKKKKKLLLLLLLL.zip
-- 
Kristian Erik Hermansen

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Microsoft Windows default ZIP handler bug
  - From: 3APA3A
- Re: [Full-disclosure] Microsoft Windows default ZIP handler bug
  - From: Nicolas RUFF

Prev by Date: [Full-disclosure] [SECURITY] [DSA 1386-2] New wesnoth packages fix denial of service
Next by Date: Re: [Full-disclosure] full-disclosure@xxxxxxxxxxxx
Previous by thread: [Full-disclosure] [SECURITY] [DSA 1386-2] New wesnoth packages fix denial of service
Next by thread: Re: [Full-disclosure] Microsoft Windows default ZIP handler bug
Index(es):
- Date
- Thread