BugTraq
Back to list
|
Post reply
Re: EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability
Oct 14 2004 01:53PM
Bipin Gautam (visitbipin hotmail com)
In-Reply-To: <19F34051C5BB60429ACD1BF01338C5987EC511 (at) av-mail01.corp.int-eeye (dot) com [email concealed]>
>---Description---
>Win xp default zip manager can't handle long file names properly...
>
>---Bug Demonstration---
>Create a new file with very long file name... in your c: [ say:
>1.111111111111111111111111111111111111111111111111111111111111111111111
111
>11111111111111111111111111111111111111111111111111111111111111111111111
111
>11111111111111111111111111111111111111111111111111111111111111111111111
111
>11111111111111111111111111111 ]
>
>[or, download] http://www.geocities.com/visitbipin/zip_long.zip
>
>Windows xp will easily allow you to create that file, now zip the file [
>above mentioned ie 1.11111111111111111111* ] using winxp default zip
>manager, [say, the new file created is 1.zip]
>But strangely, if you open the file [1.zip] with windows explorer [ie
>view it's content] You can neither see a file name nor its extension in
>the archive but simply its icon only!
>
>Moreover, windows xp doesn't allow you to delete the long file created in
>the above example, through GUI mode [...have to use command prompt] and
>end up with an error Can't delete 1 : The folder is empty. [actually its
>a file!]
http://www.securityfocus.com/archive/1/336994
before, microsoft discarded this report as a non-security issue.
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
>---Description---
>Win xp default zip manager can't handle long file names properly...
>
>---Bug Demonstration---
>Create a new file with very long file name... in your c: [ say:
>1.111111111111111111111111111111111111111111111111111111111111111111111
111
>11111111111111111111111111111111111111111111111111111111111111111111111
111
>11111111111111111111111111111111111111111111111111111111111111111111111
111
>11111111111111111111111111111 ]
>
>[or, download] http://www.geocities.com/visitbipin/zip_long.zip
>
>Windows xp will easily allow you to create that file, now zip the file [
>above mentioned ie 1.11111111111111111111* ] using winxp default zip
>manager, [say, the new file created is 1.zip]
>But strangely, if you open the file [1.zip] with windows explorer [ie
>view it's content] You can neither see a file name nor its extension in
>the archive but simply its icon only!
>
>Moreover, windows xp doesn't allow you to delete the long file created in
>the above example, through GUI mode [...have to use command prompt] and
>end up with an error Can't delete 1 : The folder is empty. [actually its
>a file!]
http://www.securityfocus.com/archive/1/336994
before, microsoft discarded this report as a non-security issue.
[ reply ]