Drag And Zip File Name Handling Overflow

Medium Nessus Plugin ID 11631


Arbitrary code may be run on the remote host.


The remote host is running Drag And Zip - a file compression utility.

There is a flaw in this program which may allow a remote attacker to execute arbitrary code on this host.

To exploit this flaw, an attacker would need to craft a special Zip file and send it to a user on this host. Then, the user would need to open it using Drag And Zip.



See Also


Plugin Details

Severity: Medium

ID: 11631

File Name: dragandzip_overflow.nasl

Version: $Revision: 1.12 $

Type: local

Agent: windows

Family: Windows

Published: 2003/05/15

Modified: 2016/10/10

Dependencies: 13855

Risk Information

Risk Factor: Medium


Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Reference Information

OSVDB: 58903