Summary
Two vulnerabilities exist in the Compressed Folders function:
An unchecked buffer exists in the programs that handles the decompressing of files from a zipped file. A
security vulnerability results because attempts to open a file with a specially malformed filename contained in a zipped file could possibly result in Windows Explorer failing, or in code of the attacker's choice being run.
The decompression function could place a file in a directory that was not the same as, or a child of, the target directory specified by the user as where the decompressed zip files should be placed. This could allow an attacker to put a file in a known location on the users system, such as placing a program in a
startup directory
Impact of vulnerability: Two vulnerabilities, the most serious of which could run code of attacker's choice
Maximum Severity Rating: Moderate
Recommendation: Consider applying the patch to affected systems
Affected Software:
Microsoft Windows 98 with Plus! Pack
Microsoft Windows Me
Microsoft Windows XP
See
http://www.microsoft.com/technet/security/bulletin/ms02-054.mspx
Severity
Classification
-
CVE CVE-2002-0370, CVE-2002-1139 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)
- Active Directory Could Allow Remote Code Execution Vulnerability (957280)
- Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
- Cumulative Security Update for Internet Explorer (928090)
- Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)