
SANS ISC: InfoSec Handlers Diary Blog



DUNZIP32.dll Buffer Overflow

Published: 2006-09-06
Last Updated: 2006-09-06 20:21:02 UTC
by Michael Haisley (Version: 1)
Full-Disclosure had an interesting note about a new buffer overflow in IBM's Lotus Notes. The vulnerability is due to a third-party DLL, DUNZIP32.dll. IBM has issued a patch for versions 6 and 7. Users of version 5 are advised not to open zip files within Lotus Notes. The vulnerability allows an attacker to execute arbitrary code if you open a malicious zip file.

Many other software packages that use old versions of DUNZIP32.dll are affected by this vulnerability.