SMB: ZIP File Connection Request

This signature detects a request by a client to open a remote zip file over the SMB protocol. Requests for zip files over the LAN are likely to be legitimate, but could be an attack attempt when a client is connecting to a server on the internet. A remote server could trick a client into requesting a malformed zip file to exploit vulnerabilities in zip file parsers.

Extended Description

WinZip is reported to be prone to multiple unspecified buffer overflow vulnerabilities. These issues may allow a remote or local attacker to execute arbitrary code on a vulnerable computer, and a successful attack may give the attacker unauthorized access to that computer. The problems likely occur due to insufficient bounds checking when processing zip archives. A local buffer overflow vulnerability, which can be triggered through the command line, was reported as well. WinZip versions 9.0 and prior are affected by these issues. Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.

Affected Products

Winzip winzip

Short Name
SMB:EXT:DOT-ZIP
Severity
Warning
Recommended
False
Recommended Action
None
Category
SMB
Keywords
CVE-2004-1465 Connection File Request ZIP bid:11092
Release Date
09/16/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Winzip

CVSS Score

3.7
