Vulnerability: Unchecked buffer in Windows file decompression

Microsoft warns that two vulnerabilities exist in the compressed folders function for Windows 98 with Plus! Pack, Windows Me and Windows XP.

The first flaw is an unchecked buffer in the program that handles decompressing files from a zipped file. A security vulnerability results because an attempt to open a file with a specially malformed filename contained in a zipped file could possibly cause Windows Explorer to fail, or cause code of the attacker's choice to run.

Secondly, when extracting a zip file, the decompression function could place a file in a directory other than the one specified by the user. This could allow an attacker to put a file in a known location on the user's system, such as placing a program in a startup directory.
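
Both flaws come down to trusting entry names stored inside the archive. The following is an added example, not Microsoft's code or its fix: a pre-extraction check that rejects over-long name components and names that resolve outside the chosen destination. The function names, the 255-byte limit and the sample archive are assumptions constructed for illustration.

```python
import io
import os
import zipfile

MAX_NAME_BYTES = 255  # assumed per-component limit; adjust for the target filesystem


def audit_zip_entries(zip_bytes, dest_dir):
    """Classify entry names without extracting; returns (safe, rejected)."""
    dest_root = os.path.realpath(dest_dir)
    safe, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Treat backslashes as separators too, as Windows would.
            parts = [p for p in name.replace("\\", "/").split("/") if p]
            if any(len(p.encode("utf-8")) > MAX_NAME_BYTES for p in parts):
                rejected.append((name, "name component too long"))
            elif name[:1] in ("/", "\\") or name[1:2] == ":":
                rejected.append((name, "absolute or drive-qualified path"))
            elif os.path.commonpath(
                [dest_root, os.path.realpath(os.path.join(dest_root, *parts))]
            ) != dest_root:
                rejected.append((name, "resolves outside destination"))
            else:
                safe.append(name)
    return safe, rejected


def build_sample_zip():
    """Constructed sample archive (not taken from any real incident)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", b"ok")
        zf.writestr("../../Startup/run.exe", b"x")
        zf.writestr("A" * 300 + ".txt", b"x")
        zf.writestr("C:/Windows/x.dll", b"x")
    return buf.getvalue()


if __name__ == "__main__":
    safe, rejected = audit_zip_entries(build_sample_zip(), "extract_here")
    print("safe:", safe)
    for name, reason in rejected:
        print("rejected:", reason, "-", name[:40])
```

Only the names in the safe list should be passed on to extraction; anything rejected is worth logging, since a legitimate archive rarely contains such names.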

For more, see the Microsoft Web site.
