SAINT top bar Go to home page Search this site Contact SAINT Corporation
SAINT logo







 

 

 

 

 

Windows compressed folders buffer overflow

Added: 05/15/2006
CVE: CVE-2004-0575
BID: 11382
OSVDB: 10695

Background

Microsoft Windows XP and Windows Server 2003 include the ability to natively handle ZIP files.

Problem

A buffer overflow when handling compressed folders allows command execution when a specially crafted ZIP file is opened by the operating system.

Resolution

http://www.microsoft.com/technet/security/bulletin/MS04-034.mspx

References

http://www.kb.cert.org/vuls/id/649374
http://www.securityfocus.com/archive/1/378309

Limitations

Successful exploitation requires a user to save the exploit file, open it, and either copy a file into the compressed folder or delete the deletme.txt file from the compressed folder.

Platforms

Windows XP

Back to exploit index
  Copyright SAINT Corporation. All Rights Reserved. Privacy information Legal information Site map