Full Disclosure mailing list archives
Microsoft Windows default ZIP handler bug
From: "Kristian Erik Hermansen" <kristian.hermansen () gmail com>
Date: Mon, 15 Oct 2007 01:19:31 -0700
I tested this on three Windows XP machines and was able to make them all crash. There is an issue with the way Microsoft's default compressed file handler deals with embedded compressed files. I don't have much time to investigate further, since I am in Atlanta all this week for SPICON and don't have any tools on my corp laptop :-( However, I put together a Flash video showing the bug. It may not be exploitable, but I also haven't been keeping up with the latest bad pointer / alternate code path research stuff. Maybe someone can do some ninjitsu code exec using this... Video: http://kristian-hermansen.com/hacks/microsoft-windows-default-compressed-file-handler-crasher-2.swf File: http://kristian-hermansen.com/hacks/IIIIIIIIJJJJJJJJKKKKKKKKLLLLLLLL.zip -- Kristian Erik Hermansen _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Microsoft Windows default ZIP handler bug Kristian Erik Hermansen (Oct 15)
- Re: Microsoft Windows default ZIP handler bug 3APA3A (Oct 15)
- Re: Microsoft Windows default ZIP handler bug Kristian Erik Hermansen (Oct 15)
- Re: Microsoft Windows default ZIP handler bug naveed (Oct 15)
- Re: Microsoft Windows default ZIP handler bug Nicolas RUFF (Oct 31)
- Re: Microsoft Windows default ZIP handler bug 3APA3A (Oct 15)