Bugtraq mailing list archives

Re: EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability
From: Bipin Gautam <visitbipin () hotmail com>
Date: 14 Oct 2004 13:53:07 -0000

In-Reply-To: <19F34051C5BB60429ACD1BF01338C5987EC511 () av-mail01 corp int-eeye com>


---Description---
Win xp default zip manager can't handle long file names properly...

---Bug Demonstration---
Create a new file with very long file name... in your c: [ say:
1.111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111 ] 

[or, download]   http://www.geocities.com/visitbipin/zip_long.zip

Windows xp will easily allow you to create that file, now zip the file [ 
above mentioned ie 1.11111111111111111111* ] using winxp default zip 
manager, [say, the new file created is 1.zip]
But strangely, if you open the file [1.zip] with Windows Explorer [i.e. 
view its content] you can neither see a file name nor its extension in 
the archive but simply its icon only!

Moreover, Windows XP doesn't allow you to delete the long file created in 
the above example, through GUI mode [...have to use command prompt] and 
end up with an error Can't delete 1 : The folder is empty. [actually it's 
a file!]

http://www.securityfocus.com/archive/1/336994

Before, Microsoft discarded this report as a non-security issue.
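
Added example, not part of the original post: a defensive pre-extraction check that reads the file-name length fields straight from a ZIP's central directory and local headers and flags entries like the one described above. The 200-byte limit, the function names and the in-memory sample archive are assumptions made for illustration; ZIP64 and multi-disk archives are not handled.

```python
import io
import struct
import zipfile

EOCD = struct.Struct("<4s4H2LH")     # end-of-central-directory record, 22 bytes
CDFH = struct.Struct("<4s6H3L5H2L")  # central directory file header, 46 bytes
LFH = struct.Struct("<4s5H3L2H")     # local file header, 30 bytes
MAX_NAME = 200  # assumed policy limit in bytes, not a value taken from the post


def audit_zip_names(data, max_name=MAX_NAME):
    """Return (entry_index, name_length, reason) for each suspicious name field."""
    pos = data.rfind(b"PK\x05\x06")
    if pos < 0 or pos + EOCD.size > len(data):
        raise ValueError("no end-of-central-directory record")
    fields = EOCD.unpack_from(data, pos)
    total, off = fields[4], fields[6]  # entry count, central directory offset
    findings = []
    for index in range(total):
        if off + CDFH.size > len(data):
            raise ValueError("truncated central directory")
        rec = CDFH.unpack_from(data, off)
        if rec[0] != b"PK\x01\x02":
            raise ValueError("bad central directory signature")
        name_len, extra_len, comment_len, lfh_off = rec[10], rec[11], rec[12], rec[16]
        if name_len > max_name:
            findings.append((index, name_len, "name exceeds limit"))
        # The local header repeats the length; an extractor may trust either copy.
        if lfh_off + LFH.size > len(data):
            findings.append((index, name_len, "local header out of range"))
        elif LFH.unpack_from(data, lfh_off)[9] != name_len:
            findings.append((index, name_len, "local/central length mismatch"))
        off += CDFH.size + name_len + extra_len + comment_len
    return findings


def build_sample():
    """Constructed sample: one ordinary entry and one with a 251-byte name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"ok")
        zf.writestr("1." + "1" * 249, b"x")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in audit_zip_names(build_sample()):
        print(finding)
```

Run over an archive's bytes before handing it to any extractor, the check rejects or quarantines files whose name fields exceed the chosen limit or disagree between the two headers.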


