Unchecked Buffer in Microsoft's File Decompression Functions

Reported October 2, 2002, by Microsoft.

VERSIONS AFFECTED

 

·         Windows XP

·         Windows Me

·         Windows 98 with Plus! Pack

 

DESCRIPTION

 

Two vulnerabilities exist in the Windows Compressed Folders feature, one of which might let an attacker execute arbitrary code on the vulnerable system. The first vulnerability stems from an unchecked buffer in programs that handle decompressing files from zipped files. Attempts to open a file with a specially malformed filename in a zipped file could result in Windows Explorer failing, or let an attacker run code of his or her choice on the vulnerable system.

 

The second vulnerability involves the decompression feature and could place a file in a directory that isn't the same as, or a child of, the target directory that the user specifies as the location where the decompressed zip files should be placed. As a result, an attacker could use this vulnerability to place a file in a known location on the vulnerable system, such as the startup directory.

 

VENDOR RESPONSE

 

The vendor, Microsoft, has released Security Bulletin MS02-054 (Unchecked Buffer in File Decompression Functions Could Lead to Code Execution) to address these vulnerabilities, and recommends that affected users apply the appropriate patch mentioned in the bulletin.

 

CREDIT

Joe Testa of Rapid7 Inc. and zen-parse.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish