Re: [Full-Disclosure] EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability

From: bipin gautam (
Date: 10/14/04

  • Next message: Luke Macken: "[Full-Disclosure] [ GLSA 200410-12 ] WordPress: HTTP response splitting and XSS vulnerabilities"
    To: Derek Soeder <>
    Date: Thu, 14 Oct 2004 06:56:42 -0700 (PDT)

    >Win xp default zip manager can't handle long file
    names properly...
    >---Bug Demonstration---
    >Create a new file with very long file name... in your
    c: [ say:
    >11111111111111111111111111111 ]
    >[or, download]
    >Windows xp will easily allow you to create that file,
    now zip the file [
    >above mentioned ie 1.11111111111111111111* ] using
    winxp default zip
    >manager, [say, the new file created is]
    >But strangely, if you open the file [] with
    windows explorer [ie
    >view it's content] You can neither see a file name
    nor its extension in
    >the archive but simply its icon only!
    >Moreover, windows xp doesn't allow you to delete the
    long file created in
    >the above example, through GUI mode [...have to use
    command prompt] and
    >end up with an error Can't delete 1 : The folder is
    empty. [actually its
    >a file!]


    before, microsoft discarded this report as a
    non-security issue. Maybe, my english was too poor at
    that time.

    Do you Yahoo!?
    Yahoo! Mail Address AutoComplete - You start. We finish.

    Full-Disclosure - We believe in it.

  • Next message: Luke Macken: "[Full-Disclosure] [ GLSA 200410-12 ] WordPress: HTTP response splitting and XSS vulnerabilities"

    Relevant Pages

    • Re: What do you consider the best recipe software for Windows?
      ... months ago a Windows XP SP3 patch knocked out a string needed for the ... has come up with a patch... ... *Having* to join some yahoo discussion group ... I did pay for my software as I'm sure others did, but lots of people pay for "free" software by making donations to the developers. ...
    • Re: How to uninstall IE6 for XP
      ... I had disabled the Yahoo popup blocker, ... How to Reinstall or Repair Internet Explorer and Outlook Express in Windows ... you cannot 'uninstall' IE if you have Windows XP. ... >> something like Yahoo Companion, Google toolbar, MSN toolbar, a>> firewall, ...
    • Re: Microsoft geht es immer schlechter
      ... Was interessiert mich die Bewertung von Managern, ... und 40 Milliarden US$ für die Übernahme von Yahoo fallen auch nicht ... Mit dem aktüllen Windows Vista ...
    • Re: Error message 0x800CCC0f
      ... So it maybe some issue with that ver of windows. ... I got a hold of a tech from AT&T Yahoo ... patch to fix port 465 I didn't find one. ... Subject 'test', Account: '', Server: ...
    • Re: IE problem: Unable to use Google , yahoo and other search bars in IE...
      ... Tell the user he/she should /only/ get his/her updates via Windows ... PA Bear: Thank You for the sites you sent; ... > checking out those hijack type sites ... >> useable except that they cannot click on the search bar on google yahoo ...