Re: EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability

[Bipin Gautam <visitbipin () hotmail com>]

In-Reply-To: <19F34051C5BB60429ACD1BF01338C5987EC511 () av-mail01 corp int-eeye com>


> ---Description---
> Win xp default zip manager can't handle long file names properly...
>
> ---Bug Demonstration---
> Create a new file with very long file name... in your c: [ say:
> 1.111111111111111111111111111111111111111111111111111111111111111111111111
> 11111111111111111111111111111111111111111111111111111111111111111111111111
> 11111111111111111111111111111111111111111111111111111111111111111111111111
> 11111111111111111111111111111 ] 
>
> [or, download]   http://www.geocities.com/visitbipin/zip_long.zip
>
> Windows xp will easily allow you to create that file, now zip the file [ 
> above mentioned ie 1.11111111111111111111* ] using winxp default zip 
> manager, [say, the new file created is 1.zip]
> But strangely, if you open the file [1.zip] with windows explorer [ie 
> view it's content] You can neither see a file name nor its extension in 
> the archive but simply its icon only!
>
> Moreover, windows xp doesn't allow you to delete the long file created in 
> the above example, through GUI mode [...have to use command prompt] and 
> end up with an error Can't delete 1 : The folder is empty. [actually its 
> a file!]

http://www.securityfocus.com/archive/1/336994

before, microsoft discarded this report as a non-security issue.