<<< Date Index >>>     <<< Thread Index >>>

Question on CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats?



Hello all,

I am a bit of a confused with recent CERT advisory on archive formats.

URL: https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html

In the advisory it is clearly stated that e.g. Microsoft and Apple are
not vulnerable. However after downloading the tool from PROTOS and
trying to open some of the archives on my Windows box (WinXP, latest
patches and everything) - it in lack of a better word - melts down to
 the point of becoming completely unusable. I then tried these with
Apple; and again - similar results.

So I'm bit of a confused here...  Can someone confirm what I am
seeing=?

PROTOS is available from below URL to try out...

URL: http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/

Cheers,

    James