DUNZIP32.dll Buffer Overflow

Published: 2006-09-06
Last Updated: 2006-09-06 20:21:02 UTC
by Michael Haisley (Version: 1)
0 comment(s)
Full-Disclosure had an interesting note about IBM's Lotus Notes and a new buffer overflow.  The vulnerability is due to a third party dll, DUNZIP32.dll.    IBM has issued a patch for versions 6, and 7 Users using version 5 are advised not to open zip files within lotus notes. This exploit does allow an attacker to execute arbitrary code should you open an infected zip file.

Many other software packages using old versions of DUNZIP32.dll are affected by this exploit.
Keywords:
0 comment(s)

Comments


Diary Archives