Message-ID: <20041014135307.25533.qmail@www.securityfocus.com>
Date: 14 Oct 2004 13:53:07 -0000
From: Bipin Gautam <visitbipin@...mail.com>
To: bugtraq@...urityfocus.com
Subject: Re: EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL
    Buffer Overflow Vulnerability


In-Reply-To: <19F34051C5BB60429ACD1BF01338C5987EC511@...mail01.corp.int-eeye.com>


>---Description---
>Win xp default zip manager can't handle long file names properly...
>
>---Bug Demonstration---
>Create a new file with very long file name... in your c: [ say:
>1.111111111111111111111111111111111111111111111111111111111111111111111111
>11111111111111111111111111111111111111111111111111111111111111111111111111
>11111111111111111111111111111111111111111111111111111111111111111111111111
>11111111111111111111111111111 ] 
>
>[or, download]   http://www.geocities.com/visitbipin/zip_long.zip
>
>Windows xp will easily allow you to create that file, now zip the file [ 
>above mentioned ie 1.11111111111111111111* ] using winxp default zip 
>manager, [say, the new file created is 1.zip]
>But strangely, if you open the file [1.zip] with windows explorer [ie 
>view its content] You can neither see a file name nor its extension in 
>the archive but simply its icon only!
>
>Moreover, windows xp doesn't allow you to delete the long file created in 
>the above example, through GUI mode [...have to use command prompt] and 
>end up with an error Can't delete 1 : The folder is empty. [actually it's 
>a file!]

http://www.securityfocus.com/archive/1/336994

Before, Microsoft discarded this report as a non-security issue.
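
A defender-side check for the condition in the quoted report, as an added example that is not part of the original post: it walks a ZIP archive's central directory and reports entries whose declared file name length exceeds a review threshold. The 200-byte threshold, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"                   # end-of-central-directory signature
CDH_SIG = b"PK\x01\x02"                    # central-directory file header signature
EOCD = struct.Struct("<4s4H2LH")           # 22-byte fixed part of the EOCD record
CDH = struct.Struct("<4s6H3L5H2L")         # 46-byte fixed part of each entry header
NAME_LIMIT = 200                           # assumed review threshold, not from the post


def long_names(data, limit=NAME_LIMIT):
    """Return [(declared_name_length, name_prefix)] for entries over `limit` bytes."""
    pos = data.rfind(EOCD_SIG)
    if pos < 0 or pos + EOCD.size > len(data):
        raise ValueError("no end-of-central-directory record")
    _, _, _, _, total, _, cd_off, _ = EOCD.unpack_from(data, pos)
    findings, off = [], cd_off
    for _ in range(total):
        if off + CDH.size > len(data):
            raise ValueError("truncated central directory")
        fields = CDH.unpack_from(data, off)
        if fields[0] != CDH_SIG:
            raise ValueError("bad central directory signature")
        name_len, extra_len, comment_len = fields[10], fields[11], fields[12]
        name = data[off + CDH.size: off + CDH.size + name_len]
        if len(name) != name_len:
            raise ValueError("declared name length runs past end of file")
        if name_len > limit:
            # Keep only a short prefix so reports stay readable.
            findings.append((name_len, name[:16].decode("ascii", "replace")))
        off += CDH.size + name_len + extra_len + comment_len
    return findings


def sample_archive():
    """Constructed sample: one ordinary entry and one with a 252-byte name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("readme.txt", b"ok")
        z.writestr("1." + "1" * 250, b"x")
    return buf.getvalue()


if __name__ == "__main__":
    for length, prefix in long_names(sample_archive()):
        print(f"{length} bytes: {prefix}...")
```
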


