
SANS Internet Storm Center InfoSec Handlers Diary Blog



Unzip of Death?

Published: 2008-03-18
Last Updated: 2008-03-18 02:30:05 UTC
by Daniel Wesemann (Version: 1)

Buffer overflows and erratic behavior in decompression routines and unpackers are nothing new really, but CERT-FI (Finland) has still added a nice twist by providing a library of "fuzzed" (deliberately and randomly wrong) archive format test files: www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html. The patches that F-Secure AV released earlier today seem to be related to this issue, but frankly I'd rather have my AV listed as "affected, patch available" than as "unknown"...
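To see what running an unpacker against deliberately broken archives looks like in practice, here is a small robustness harness, added as an example and not taken from the CERT-FI material or from this diary. It assumes Python's standard `zipfile` module as the parser under test, random byte overwrites as a crude stand-in for real fuzzed test files, and a constructed two-member sample archive; the set of exceptions treated as a clean rejection is likewise an assumed policy.

```python
import io
import random
import zipfile
import zlib
from collections import Counter

# Assumed policy: these exceptions mean the parser rejected bad input cleanly.
CLEAN_REJECTIONS = (zipfile.BadZipFile, zlib.error, EOFError, NotImplementedError)
FIXED_TIME = (2008, 3, 18, 0, 0, 0)  # fixed timestamp keeps the sample bytes stable


def build_sample_zip() -> bytes:
    """Constructed sample input: a small, valid two-member archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in (("readme.txt", "hello " * 200),
                           ("data/values.csv", "a,b,c\n1,2,3\n" * 50)):
            info = zipfile.ZipInfo(name, date_time=FIXED_TIME)
            zf.writestr(info, body, compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


def mutate(data: bytes, rng: random.Random, flips: int = 4) -> bytes:
    """Overwrite a few random bytes of a valid archive."""
    out = bytearray(data)
    for _ in range(flips):
        out[rng.randrange(len(out))] = rng.randrange(256)
    return bytes(out)


def classify(data: bytes, max_member_bytes: int = 1 << 20) -> str:
    """Parse and read one archive in memory; never extracts to disk."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                with zf.open(info) as member:
                    member.read(max_member_bytes)  # bounded: header sizes are untrusted
        return "ok"
    except CLEAN_REJECTIONS:
        return "rejected"
    except Exception as exc:  # any other exception is a finding to triage
        return f"unexpected: {type(exc).__name__}"


def run_corpus(cases: int = 300, seed: int = 2008) -> Counter:
    """Classify `cases` mutated copies of the sample; seeded so runs are repeatable."""
    rng = random.Random(seed)
    original = build_sample_zip()
    return Counter(classify(mutate(original, rng)) for _ in range(cases))


if __name__ == "__main__":
    for outcome, count in run_corpus().most_common():
        print(f"{count:4d}  {outcome}")
```

Entries reported as `unexpected: ...` are the interesting ones: they mark inputs where the parser failed in a way its callers probably do not handle.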
