RE: WinZip

[kquest () toplayer com]

I just got an insulting email from
one of the list users where I was called
a moron. It's amazing... I was simply asking
what other people knew about the bug
without claiming to know much myself.
All I know came from the following links:

http://isc.sans.org/diary.php?date=2004-09-02
http://secunia.com/advisories/12430/
http://www.securitytracker.com/alerts/2004/Sep/1011132.html

They claim that remote code execution is possible
and that it's a "highly critical" bug. Given
that the install base is high and that most
people don't update WinZip, I indicated that there's
a potential, at least in theory, for something
pretty bad to happen and asked what other people
thought or knew about it. I'm sure somebody is
trying to reverse engineer the patch as I'm 
typing this.  

Kyle

-----Original Message-----
From: Kyle Quest x 142 
Sent: Friday, September 03, 2004 11:58 AM
To: 'Anton A. Chuvakin'; Kyle Quest x 142
Cc: dailydave () lists immunitysec com
Subject: RE: [Dailydave] WinZip


I don't know the details, so it's hard to say...
Either way, I didn't mean to imply that it would
propagate without any user intervention. Users
would still have to click on a zip attachment,
but then again... look at MyDoom and Beagle.
They seem to do pretty good.

I'm simply curious what other people heard 
about this beast :-)

Kyle
-----Original Message-----
From: Anton A. Chuvakin [mailto:anton () chuvakin org]
Sent: Friday, September 03, 2004 11:47 AM
To: kquest () toplayer com
Cc: dailydave () lists immunitysec com
Subject: Re: [Dailydave] WinZip


> bothers to update it. It has "a major worm" written all over it :-)
Really? I somehow doubt that. It doesn't feel wormable to me.

-- 
Anton A. Chuvakin, Ph.D., GCIA, GCIH
     http://www.info-secure.org
   http://www.securitywarrior.com
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave