• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Vendor ZIP Files Long Filename Buffer Overflow Vulnerability

A vulnerability has been reported that affects many libraries and applications that decompress ZIP files.

Reportedly, some clients behave unpredictably upon processing ZIP files that contain files with overly long names. The vulnerability has different effects depending on the decompression utility.

The effects of this vulnerability typically result in the client crashing and, in some situations, there exists a possibility for code execution.