For this vulnerability to be exploited, a user would have to receive a zipped file from an attacker, store it locally, and attempt to decompress the zipped file. The above assessment is based on the types of systems affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them. Incorrect Target Path for Zipped File Decompression Users who had not installed this feature would not be vulnerable.
#Windows 98 zip archiver code#
A security vulnerability results because attempts to open a file with a specially malformed filename contained in a zipped file could possibly result in Windows Explorer failing, or in code of the attacker's choice being run. An unchecked buffer exists in the programs that handles the decompressing of files from a zipped file.Two vulnerabilities exist in the Compressed Folders function: The Compressed Folders feature can be used to create, add files to, and extract files from zipped files. On Windows 98 with Plus! Pack, Windows Me and Windows XP, the Compressed Folders feature allows zipped files to be treated as folders. This is accomplished by compressing the files that are put into in the zipped file. zipextension) provide a means to store information in a way that uses less space on a hard disk.
#Windows 98 zip archiver Patch#
Two vulnerabilities, the most serious of which could run code of attacker's choiceĬonsider applying the patch to affected systems Published: Octo| Updated: February 28, 2003Ĭustomers using Microsoft® Windows® 98 with Plus! Pack, Windows Me, or Windows XP Security Bulletin Microsoft Security Bulletin MS02-054 - Important Unchecked Buffer in File Decompression Functions Could Lead to Code Execution (Q329048)
0 kommentar(er)
