Windows compressed folders buffer overflow

2006-05-15T00:00:00
ID SAINT:A3D51DBC9CEA6F089090D0FE74CDEE4D
Type saint
Reporter SAINT Corporation
Modified 2006-05-15T00:00:00

Description

Added: 05/15/2006
CVE: CVE-2004-0575
BID: 11382
OSVDB: 10695

Background

Microsoft Windows XP and Windows Server 2003 include the ability to natively handle ZIP files.

Problem

A buffer overflow when handling compressed folders allows command execution when a specially crafted ZIP file is opened by the operating system.

Resolution

http://www.microsoft.com/technet/security/bulletin/MS04-034.mspx

References

<http://www.kb.cert.org/vuls/id/649374>
<http://www.securityfocus.com/archive/1/378309>

Limitations

Successful exploitation requires a user to save the exploit file, open it, and either copy a file into the compressed folder or delete the **deletme.txt** file from the compressed folder.

Platforms

Windows XP