September 3rd, 2004, 01:05 PM
**Heads Up** WinZip Users
Even though this isn't particularly specific in it's synopsis I think that there are enough WinZip users out there to warrant a heads up....
I got this through BugTraq this morning:-
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
September 3rd, 2004, 02:24 PM
A little more info. From TruSecure.
WinZip 9.0 and prior contains multiple security issues that may allow a remote attacker to cause a buffer overflow and possibly execute arbitrary code.
The first issue is due to improper validation of command line arguments. A local attacker could submit a specially crafted command line argument to overflow a buffer and possibly execute arbitrary code.
The second issue is due to a remotely exploitable buffer. It is currently unknown how an attacker can exploit this issue to overflow the buffer and what impact it would have on the affected system.
The impact of this issue is currently unknown. It is likely that a successful exploit would lead to denial of service conditions or arbitrary code execution.
Administrators are advised to apply the patch provided by WinZip.
Users are advised to not open archives from untrusted sources.
Administrators are advised to restrict local access to trusted users.
The security vulnerability applies to the following combinations of products.
Primary Products:WinZip Computing, Inc. WinZip 6.2 | 7.0 | 8.0 | 8.1 Base, SR1 | 9.0
The mentally handicaped are persecuted in this great country, and I say rightfully so! These people are NUTS!!!!