Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: DUNZIP32.dll Buffer Overflow SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
DUNZIP32.dll Buffer Overflow
Full-Disclosure had an interesting note about IBM's Lotus Notes and a new buffer overflow.  The vulnerability is due to a third party dll, DUNZIP32.dll.    IBM has issued a patch for versions 6, and 7 Users using version 5 are advised not to open zip files within lotus notes. This exploit does allow an attacker to execute arbitrary code should you open an infected zip file.

Many other software packages using old versions of DUNZIP32.dll are affected by this exploit.

18 Posts
Sep 6th 2006

Sign Up for Free or Log In to start participating in the conversation!