Windows XP Unchecked Buffer in File Decompression Functions Vulnerability Patch

This patch addresses two vulnerabilities. An unchecked buffer exists in the program that handles the decompressing of files from a zipped file. When this program tries to open a file that has a specially malformed file name that is contained in a zipped file, Windows Explorer may fail, or an attacker may be able to run any code. This behavior creates a security vulnerability. The second vulnerability is that the decompression function may put a file in a folder that is different from, or that is a child of, the target folder that is specified by the user as the location where the decompressed ZIP files are put. This behavior may allow an attacker to put a file in a known location on the user's computer; for example, an attacker may put a program in a Startup folder.
LicenseFree
File Size372.35 kB
VersionMS02-054
Operating System Windows XP Windows
System RequirementsWindows XP

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All