Drag And Zip File Name Handling Overflow

medium Nessus Plugin ID 11631

Synopsis

Arbitrary code may be run on the remote host.

Description

The remote host is running Drag And Zip, a file compression utility.

A flaw in this program may allow a remote attacker to execute arbitrary code on this host.

To exploit this flaw, an attacker would need to craft a special Zip file and send it to a user on this host. The user would then need to open it using Drag And Zip.

Solution

None

See Also

https://seclists.org/bugtraq/2003/May/118

Plugin Details

Severity: Medium

ID: 11631

File Name: dragandzip_overflow.nasl

Version: 1.14

Type: local

Agent: windows

Family: Windows

Published: 5/15/2003

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated