[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability
From: Bipin Gautam <visitbipin@xxxxxxxxxxx>
Date: 14 Oct 2004 13:53:07 -0000

In-Reply-To: 
<19F34051C5BB60429ACD1BF01338C5987EC511@xxxxxxxxxxxxxxxxxxxxxxxxxxx>


>---Description---
>Win xp default zip manager can't handle long file names properly...
>
>---Bug Demonstration---
>Create a new file with very long file name... in your c: [ say:
>1.111111111111111111111111111111111111111111111111111111111111111111111111
>11111111111111111111111111111111111111111111111111111111111111111111111111
>11111111111111111111111111111111111111111111111111111111111111111111111111
>11111111111111111111111111111 ] 
>
>[or, download]   http://www.geocities.com/visitbipin/zip_long.zip
>
>Windows xp will easily allow you to create that file, now zip the file [ 
>above mentioned ie 1.11111111111111111111* ] using winxp default zip 
>manager, [say, the new file created is 1.zip]
>But strangely, if you open the file [1.zip] with windows explorer [ie 
>view it's content] You can neither see a file name nor its extension in 
>the archive but simply its icon only!
>
>Moreover, windows xp doesn't allow you to delete the long file created in 
>the above example, through GUI mode [...have to use command prompt] and 
>end up with an error Can't delete 1 : The folder is empty. [actually its 
>a file!]

http://www.securityfocus.com/archive/1/336994

before, microsoft discarded this report as a non-security issue.

Prev by Date: Writing Trojans that bypass Windows XP Service Pack 2 Firewall
Next by Date: Re: Insecure Default Service DACL's in Windows 2003
Previous by thread: RE: Writing Trojans that bypass Windows XP Service Pack 2 Firewall
Next by thread: Microsoft Windows NetDDE Service Buffer Overflow
Index(es):
- Date
- Thread