Re: EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability

[bipin gautam <visitbipin () yahoo com>]

> ---Description---
> Win xp default zip manager can't handle long file
names properly...
> ---Bug Demonstration---
> Create a new file with very long file name... in your
c: [ say:
> 1.111111111111111111111111111111111111111111111111111111111111111111111111
> 11111111111111111111111111111111111111111111111111111111111111111111111111
> 11111111111111111111111111111111111111111111111111111111111111111111111111
> 11111111111111111111111111111 ] 
>
> [or, download]  
http://www.geocities.com/visitbipin/zip_long.zip
> Windows xp will easily allow you to create that file,
now zip the file [ 
> above mentioned ie 1.11111111111111111111* ] using
winxp default zip 
> manager, [say, the new file created is 1.zip]
> But strangely, if you open the file [1.zip] with
windows explorer [ie 
> view it's content] You can neither see a file name
nor its extension in 
> the archive but simply its icon only!
>
> Moreover, windows xp doesn't allow you to delete the
long file created in 
> the above example, through GUI mode [...have to use
command prompt] and 
> end up with an error Can't delete 1 : The folder is
empty. [actually its 
> a file!]

http://www.securityfocus.com/archive/1/336994


*appaulse*

before, microsoft discarded this report as a
non-security issue. Maybe, my english was too poor at
that time.


                
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html