Re: Winzip vulnerability

From: S. Pidgorny (slavickp_at_yahoo.com)
Date: 03/04/04 

Date: Thu, 4 Mar 2004 19:33:44 +1100

Another point: XP's in-built ZIP folder capability isn't a version of
Winzip, AFAIK. 

-- 
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-
"Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message
news:404680A0.7D3AC810@hydro.com...
> Mike wrote:
>
> > This vulnerability was released on Feb 27/04 by iDefense:
> > http://eletters.eweek.com/zd1/cts?d=79-516-5-8-14720-
> > 60837-1
> >
> > Does anyone know if the vulnerability applies to WinXP's
> > ability to open and create ZIP compressed files?
>
> Hi
>
> Actually, if you read the iDefense article a bit closer, this flaw does
> not affect ZIP files, but MIME-encoded files, so I would say no, it does
> not apply to WinXP's ability to open and create ZIP compressed files.
>
> And from WinZip's Web site:
>
> WinZip 9.0 Fixes a Security Issue with MIME-Encoded Files
> http://www.winzip.com/fmwz90.htm
>
> <quote>
> Q: What types of files are affected?
>
> A: Files with the following extensions, which are by default associated
> with WinZip and which are used in connection with MIME-encoded data, are
> affected: .MIM, .UUE, .UU, .B64, .BHX, .HQX, and .XXE.
>
> Other filetypes associated with WinZip, such as .ZIP, .TAR, and .CAB, are
> not affected.
> </quote>
>
>
>
> --
> torgeir
> Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of the 1328 page
> Scripting Guide:
> http://www.microsoft.com/technet/community/scriptcenter/default.mspx
>
>

Relevant Pages

  • Re: C:WINDOWSsystem32autoexec.nt The system file is not suitabl
    ... Thanks to everyone for your prompt replies. ... > In the command prompt, type in the following two commands exactly as ... > torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway ...
    (microsoft.public.windowsxp.configuration_manage)
  • Re: Error number: 0x800A0046
    ... > newsgroup because my dialup network settings had vanished and a guy ... > Notice that the logon account is set to a NT/User account under the RPC ... > torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway ...
    (microsoft.public.windowsupdate)
  • Re: opening "owner" files after hard drive failure
    ... >> My hardrive posts a failure warning, and XP Home SP2 crashes soon after ... > that has Administrative rights to have access to the Security tab. ... > torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway ...
    (microsoft.public.windowsxp.general)
  • Re: How to find "LastLogonTime" for users
    ... Mueller [MVP] and I actually have some queries. ... if the domain functional level is set to Windows Server ... > torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway ...
    (microsoft.public.windows.server.scripting)
  • Re: Newbie Question: Registry Fix?
    ... "Torgeir Bakken (MVP)" wrote in message ... The recovery was successful". ... you need to call Microsoft Product Support Services ... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ...
    (microsoft.public.windowsxp.general)
Loading