<<< Date Index >>>     <<< Thread Index >>>

Re: EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability



In-Reply-To: 
<19F34051C5BB60429ACD1BF01338C5987EC511@xxxxxxxxxxxxxxxxxxxxxxxxxxx>


>---Description---
>Win xp default zip manager can't handle long file names properly...
>
>---Bug Demonstration---
>Create a new file with very long file name... in your c: [ say:
>1.111111111111111111111111111111111111111111111111111111111111111111111111
>11111111111111111111111111111111111111111111111111111111111111111111111111
>11111111111111111111111111111111111111111111111111111111111111111111111111
>11111111111111111111111111111 ] 
>
>[or, download]   http://www.geocities.com/visitbipin/zip_long.zip
>
>Windows xp will easily allow you to create that file, now zip the file [ 
>above mentioned ie 1.11111111111111111111* ] using winxp default zip 
>manager, [say, the new file created is 1.zip]
>But strangely, if you open the file [1.zip] with windows explorer [ie 
>view it's content] You can neither see a file name nor its extension in 
>the archive but simply its icon only!
>
>Moreover, windows xp doesn't allow you to delete the long file created in 
>the above example, through GUI mode [...have to use command prompt] and 
>end up with an error Can't delete 1 : The folder is empty. [actually its 
>a file!]

http://www.securityfocus.com/archive/1/336994

before, microsoft discarded this report as a non-security issue.