Bugtraq mailing list archives
Re: EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability
From: Bipin Gautam <visitbipin () hotmail com>
Date: 14 Oct 2004 13:53:07 -0000
In-Reply-To: <19F34051C5BB60429ACD1BF01338C5987EC511 () av-mail01 corp int-eeye com>
---Description--- Win xp default zip manager can't handle long file names properly... ---Bug Demonstration--- Create a new file with very long file name... in your c: [ say: 1.111111111111111111111111111111111111111111111111111111111111111111111111 11111111111111111111111111111111111111111111111111111111111111111111111111 11111111111111111111111111111111111111111111111111111111111111111111111111 11111111111111111111111111111 ] [or, download] http://www.geocities.com/visitbipin/zip_long.zip Windows xp will easily allow you to create that file, now zip the file [ above mentioned ie 1.11111111111111111111* ] using winxp default zip manager, [say, the new file created is 1.zip] But strangely, if you open the file [1.zip] with windows explorer [ie view it's content] You can neither see a file name nor its extension in the archive but simply its icon only! Moreover, windows xp doesn't allow you to delete the long file created in the above example, through GUI mode [...have to use command prompt] and end up with an error Can't delete 1 : The folder is empty. [actually its a file!]
http://www.securityfocus.com/archive/1/336994 before, microsoft discarded this report as a non-security issue.
Current thread:
- Re: EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability Bipin Gautam (Oct 15)