Bugtraq mailing list archives

Re: about zlib vulnerability - Microsoft products

From: "Davis Ray Sickmon, Jr" <midryder () midnightryder com>
Date: Thu, 14 Mar 2002 16:25:26 -0600

Microsoft is also using zlib in a couple of products.  MS Office, IE, Front
Page, DirectX (dunno what versions yet), MSN Messenger, and the next gen GDI
on XP.  Vulnerability? : "Microsoft representatives said that the software
giant's security response team is investigating the zlib flaw and that some
Microsoft applications use code from that compression library. However, the
team hasn't yet determined which applications use the library and whether
those applications are vulnerable." (From Cnet's News.Com article -
http://news.com.com/2100-1001-860328.html )

Davis Ray Sickmon, Jr
Owner, Midnight Ryder Technologies
http://www.midnightryder.com

----- Original Message -----
From: "tele" <tele () duepi it>
To: <bugtraq () securityfocus com>
Sent: Wednesday, March 13, 2002 5:46 PM
Subject: about zlib vulnerability

The vulnerable zlib 1.1.3 code can be even found on the freeswan
1.95 source tree and previous versions, therefore there's a
potential vulnerability at kernel level; besides at the web site
http://www.freeswan.org the problem is not properly treated.

regards,

--
eLv

Current thread:

about zlib vulnerability tele (Mar 14)
- Re: about zlib vulnerability Paul Wouters (Mar 14)
- Re: about zlib vulnerability - Microsoft products Davis Ray Sickmon, Jr (Mar 14)