Computer Security

Forum
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Windows ZIP folders buffer overflow
updated since 13.10.2004
Published:10.04.2009
Source:MICROSOFT
SecurityVulns ID:4087
Type:library
Level:5/10
Description:Integer overflow in DynaZip (DUNZIP32.DLL) library on oversized filename in archive.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 IBM : Lotus Notes 6.5
 CHECKMARK : MultiLedger 6.0
 INNERMEDIA : DynaZip 3.0
 INNERMEDIA : DynaZip 4.0
 INNERMEDIA : DynaZip 5.0
 MCAFEE : VirusScan 10.0
 DTSEARCH : dtSearch 7.10
 HP : OpenView Performance Agent C.04.60
 HP : OpenView Performance Agent C.04.70
 HP : OpenView Performance Agent C.04.72
CVE:CVE-2008-4420 (Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.)
Original documentdocumentHP, [security bulletin] HPSBMA02396 SSRT080175 rev.1 - HP OpenView Performance Agent and HP Performance Agent Running on Windows, Remote Execution of Arbitrary Code (10.04.2009)
 documentJuha-Matti Laurio, IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability (07.09.2006)
 documentJuha-Matti Laurio, McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability (30.03.2006)
 documentJuha-Matti Laurio, dtSearch DUNZIP32.dll Buffer Overflow Vulnerability (21.12.2005)
 documentSECURITEAM, [NT] CheckMark MultiLedger Buffer Overflow Vulnerability (DUNZIP32.dll) (31.10.2005)
 documentEEYE, [Full-Disclosure] EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability (13.10.2004)
 documentMICROSOFT, Microsoft Security Bulletin MS04-034 Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376) (13.10.2004)
Files:Microsoft Windows Vulnerability in Compressed (zipped) Folders (MS04-034) exploit
 Microsoft Security Bulletin MS04-034 Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376)
Discuss:Read or add your comments to this news (0 comments)

Show Threads
Messages
 
Login:* (Register)
Password:*
(private) To:
(reply) Subject:*
Text:

Main Forum (Eng)

General security questions not appropriate for another forums. 		3proxy Forum (Eng)

All 3proxy question must be posted to this forum. 		Bugs, Vulnerabilities, PoCs and Exploits (Eng)

All vulnerability related questions, vulnerability digging and exploit creation. 		Windows programming and administration (Eng)

Administering Windows and application development. 		Unix programming and administation (Eng)

Administering Unix and application development. 		Test forum

Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)
 3proxy Forum (Rus)
 Bugs, Vulnerabilities, PoCs and Exploits (Rus)
 Windows programming and administration (Rus)
 Unix programming and administation (Rus)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server