Full Disclosure mailing list archives

Re: EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability
From: bipin gautam <visitbipin () yahoo com>
Date: Thu, 14 Oct 2004 06:56:42 -0700 (PDT)



---Description---
Win XP default zip manager can't handle long file names properly...

---Bug Demonstration---
Create a new file with very long file name... in your
c: [ say:
1.111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111 ] 

[or, download]  
http://www.geocities.com/visitbipin/zip_long.zip

Windows XP will easily allow you to create that file. Now zip the file
[above mentioned, i.e. 1.11111111111111111111*] using the Win XP default zip
manager [say, the new file created is 1.zip].
But strangely, if you open the file [1.zip] with Windows Explorer [i.e.
view its content], you can see neither a file name nor its extension in
the archive, but simply its icon only!

Moreover, Windows XP doesn't allow you to delete the long file created in
the above example through GUI mode [...have to use command prompt], and
you end up with an error: Can't delete 1 : The folder is empty. [actually
it's a file!]

http://www.securityfocus.com/archive/1/336994


*applause*

Before, Microsoft discarded this report as a non-security issue. Maybe
my English was too poor at that time.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
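
A defensive check for the condition the post describes, as an added example that is not part of the original message: it reads only the ZIP central directory and reports entries whose stored file name is longer than a threshold, without extracting anything. The 200-character limit, the function names and the in-memory sample archive are assumptions made for illustration.

```python
import io
import struct
import zipfile

NAME_LIMIT = 200  # assumed triage threshold, not a value from the post


def overlong_names(data, limit=NAME_LIMIT):
    """Return [(entry_index, name_length)] for central-directory entries
    whose stored file name is longer than `limit`. Nothing is extracted."""
    eocd = data.rfind(b"PK\x05\x06")  # end-of-central-directory record
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("no end-of-central-directory record")
    # Offsets 10/12/16: total entries, directory size, directory offset.
    total, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    hits = []
    for index in range(total):
        if pos + 46 > len(data) or data[pos:pos + 4] != b"PK\x01\x02":
            raise ValueError("truncated or corrupt central directory")
        # Offsets 28/30/32: file name, extra field and comment lengths.
        nlen, elen, clen = struct.unpack_from("<3H", data, pos + 28)
        if nlen > limit:
            hits.append((index, nlen))
        pos += 46 + nlen + elen + clen  # step to the next entry header
    return hits


def build_sample(name_len):
    """Constructed sample: in-memory ZIP holding one ordinary entry and one
    entry whose name is `name_len` characters long."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"ok")
        zf.writestr("1." + "1" * (name_len - 2), b"")
    return buf.getvalue()


if __name__ == "__main__":
    for index, length in overlong_names(build_sample(250)):
        print(f"entry {index}: file name is {length} bytes long")
```
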

