Reported March 2, 2001, by Defcom Labs.
VERSIONS AFFECTED
- WinZip32 8.0 for Windows 2000
- WinZip32 8.0 for Windows NT
DESCRIPTION
A buffer overrun condition exists in the WinZip32
8.0 compression utility that could let a user execute code arbitrarily within
the security context of WinZip32. This condition exists when someone uses the
utility's zip-and-email feature in Windows Explorer with an extremely long file
name.
VENDOR RESPONSE
Currently, no workaround or fix exists other than not using the program's zip-and-email feature. The vendor, WinZip Computing, Inc., has acknowledged this vulnerability and will correct it in the next release.
CREDITDiscovered by Peter Gründl.
0 comments
Hide comments