Re: Winzip vulnerability
From: Torgeir Bakken (MVP) (Torgeir.Bakken-spam_at_hydro.com)
Date: 03/04/04
- Next message: PA Bear: "Re: Security update 823559"
- Previous message: Mark Hennings: "Re: Help needed with Norton 2002"
- In reply to: Mike: "Winzip vulnerability"
- Next in thread: S. Pidgorny
: "Re: Winzip vulnerability" - Reply: S. Pidgorny
: "Re: Winzip vulnerability" - Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 04 Mar 2004 02:04:32 +0100
Mike wrote:
> This vulnerability was released on Feb 27/04 by iDefense:
> http://eletters.eweek.com/zd1/cts?d=79-516-5-8-14720-
> 60837-1
>
> Does anyone know if the vulnerability applies to WinXP's
> ability to open and create ZIP compressed files?
Hi
Actually, if you read the iDefense article a bit closer, this flaw does
not affect ZIP files, but MIME-encoded files, so I would say no, it does
not apply to WinXP's ability to open and create ZIP compressed files.
And from WinZip's Web site:
WinZip 9.0 Fixes a Security Issue with MIME-Encoded Files
http://www.winzip.com/fmwz90.htm
<quote>
Q: What types of files are affected?
A: Files with the following extensions, which are by default associated
with WinZip and which are used in connection with MIME-encoded data, are
affected: .MIM, .UUE, .UU, .B64, .BHX, .HQX, and .XXE.
Other filetypes associated with WinZip, such as .ZIP, .TAR, and .CAB, are
not affected.
</quote>
-- torgeir Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/community/scriptcenter/default.mspx
- Next message: PA Bear: "Re: Security update 823559"
- Previous message: Mark Hennings: "Re: Help needed with Norton 2002"
- In reply to: Mike: "Winzip vulnerability"
- Next in thread: S. Pidgorny
: "Re: Winzip vulnerability" - Reply: S. Pidgorny
: "Re: Winzip vulnerability" - Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
