HTTP: Windows Compressed Folder File Exploit
This signature detects attempts to exploit a known vulnerability in Microsoft Windows native compressed file handler. Attackers can send .zip files with overly long filenames to overflow the file handler and run arbitrary code.
Extended Description
Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
Affected Products
Microsoft windows_xp
References
BugTraq: 11382
CVE: CVE-2004-0575
URL: http://www.microsoft.com/technet/security/bulletin/ms04-034.mspx http://www.kb.cert.org/vuls/id/649374
Short Name
HTTP:STC:DL:WIN-MAL-COMP-FILE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2004-0575 Compressed Exploit File Folder Windows bid:11382
Release Date
11/03/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Microsoft
CVSS Score
10.0