Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: DUNZIP32.dll Buffer Overflow - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
DUNZIP32.dll Buffer Overflow
Full-Disclosure had an interesting note about IBM's Lotus Notes and a new buffer overflow.  The vulnerability is due to a third party dll, DUNZIP32.dll.    IBM has issued a patch for versions 6, and 7 Users using version 5 are advised not to open zip files within lotus notes. This exploit does allow an attacker to execute arbitrary code should you open an infected zip file.

Many other software packages using old versions of DUNZIP32.dll are affected by this exploit.
Michael

18 Posts

Sign Up for Free or Log In to start participating in the conversation!