Netzip Classic ZIP file parsing buffer overflow

2011-11-04T00:00:00
ID SAINT:55D677CC4F7BC51ED5631A77540F1BD4
Type saint
Reporter SAINT Corporation
Modified 2011-11-04T00:00:00

Description

Added: 11/04/2011
BID: 46059

Background

Netzip Classic is a Windows utility for downloading and decompressing files.

Problem

A buffer overflow vulnerability allows command execution when a user opens a specially crafted ZIP file and double-clicks on the file contained in it.

Resolution

Do not use Netzip Classic to open untrusted content.

References

<http://www.securityfocus.com/bid/46059>

Limitations

Exploit works on Netzip Classic 7.5.1.86 and requires a user to open the exploit file in Netzip Classic and double-click on the listed file.

Platforms

Windows XP
Windows 7