Test ID: | 1.3.6.1.4.1.25623.1.0.11148 |
Category: | Windows : Microsoft Bulletins |
Title: | Microsoft Windows Unchecked Buffer in Decompression Functions (Q329048) |
Summary: | Two vulnerabilities exist in the Compressed Folders function: An unchecked buffer exists in the programs that handle the decompressing of files from a zipped file. A security vulnerability results because attempts to open a file with a specially malformed filename contained in a zipped file could possibly result in Windows Explorer failing, or in code of the attacker's choice being run. The decompression function could place a file in a directory that was not the same as, or a child of, the target directory specified by the user as where the decompressed zip files should be placed. This could allow an attacker to put a file in a known location on the user's system, such as placing a program in a startup directory. |
Description: | Summary: Two vulnerabilities exist in the Compressed Folders function:

An unchecked buffer exists in the programs that handle the decompressing of files from a zipped file. A security vulnerability results because attempts to open a file with a specially malformed filename contained in a zipped file could possibly result in Windows Explorer failing, or in code of the attacker's choice being run.

The decompression function could place a file in a directory that was not the same as, or a child of, the target directory specified by the user as where the decompressed zip files should be placed. This could allow an attacker to put a file in a known location on the user's system, such as placing a program in a startup directory.

Vulnerability Impact: Two vulnerabilities, the most serious of which could run code of the attacker's choice.

Affected Software/OS:
- Microsoft Windows 98 with Plus! Pack
- Microsoft Windows Me
- Microsoft Windows XP

Solution: The vendor has released updates. Please see the references for more information.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2002-0370
- BugTraq ID: 5873
- http://www.securityfocus.com/bid/5873
- Bugtraq: 20021002 R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues
- http://marc.info/?l=bugtraq&m=103428193409223&w=2
- CERT/CC vulnerability note: VU#383779
- http://www.kb.cert.org/vuls/id/383779
- Microsoft Security Bulletin: MS02-054
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054
- http://securityreason.com/securityalert/587
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html
- http://www.iss.net/security_center/static/10251.php

Common Vulnerability Exposure (CVE) ID: CVE-2002-1139
- BugTraq ID: 5876
- http://www.securityfocus.com/bid/5876
- http://www.iss.net/security_center/static/10252.php |
Copyright | Copyright (C) 2002 SECNAP Network Security, LLC |
This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register now. |