Question on CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats?
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Question on CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats?
- From: "James Connery" <james.j.connery@xxxxxxxxx>
- Date: Tue, 18 Mar 2008 18:37:45 -0700
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=UtvNVDJE86qpSyzxKyGE+3vUBx0DlKq+I5dFhaQ6ZAQ=; b=bVo2G0Hek+tsnwGl4s4xPz84itIj+sfMhI9Y90DSNsHpjUSyfjsT5oN0wYaq5tPo8PKMKAQ6Fu2810x55/8KPPjksCtKx8cKrRYQ6kTmMfLBnC6cWEL7OElQ5/fD754ro1W+Ggof0OFRkaidLqh/ii4AjcEJOuutVu2mPsLmcqE=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=Q0bpm/ZzayF7gJjiGd+eS95XbFO74nAbyTk8n6gtRITPf3NQzIKl3cN0cDtLCuZRXJ90HmE9Nz49lfVqy1EDDZEPGIIP955eJkKg5s+5gihFujTcFi5jGg+jB/35zxShJ+hmUgh+m+W0gsb6ttg6NwCnIZarkD02PAbHGdeJ5U0=
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Hello all,
I am a bit of a confused with recent CERT advisory on archive formats.
URL: https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
In the advisory it is clearly stated that e.g. Microsoft and Apple are
not vulnerable. However after downloading the tool from PROTOS and
trying to open some of the archives on my Windows box (WinXP, latest
patches and everything) - it in lack of a better word - melts down to
the point of becoming completely unusable. I then tried these with
Apple; and again - similar results.
So I'm bit of a confused here... Can someone confirm what I am
seeing=?
PROTOS is available from below URL to try out...
URL: http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
Cheers,
James