There is a buffer overrun that affects WinZip 6.2 through 9.0beta. This is exploitable via a carefully crafted file type (see file types below). Vulnerability information: http://www.idefense.com/application/poi/display?id=76&type=vulnerabiliti&flashstatus=true

We are contemplating how to protect against this.

1.) Upgrade all users to WinZip 9.0.
2.) Remove attachment association from the following extensions, via mass registry hack. According to the WinZip site, http://www.winzip.com/fmwz90.htm, these are the .B64, .BHX, .HQX, .MIM, .UUE, .UU, and .XXE filetypes.
3.) Block these additional attachment types at the server.
4.) Wait for virus updates from our vendor after the fact.

This just screams for a virus.

I think the easiest course of action would be to: Block these file types at the mail server via extension blocking: ","

These file types except for HQX are not normally sent.

> WinZip MIME Parsing Buffer Overflow Vulnerability
>
> iDEFENSE Security Advisory 02.27.04a:
> http://www.idefense.com/application/poi/display?id=76&type=vulnerabiliti&flashstatus=true
> February 27, 2004
>

Ideas, comments?

--
Luke
Computer Science System Administrator
Security Administrator, College of Engineering
Montana State University-Bozeman, Montana

_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
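
The extension block proposed in the post, sketched as an added example (not part of the original message and not MIMEDefang filter code): a Python check that walks a message and reports attachment names ending in one of the seven listed extensions. The function names and the sample message are constructed for illustration; the check looks at both the `filename` and `name` parameters and normalizes case and trailing dots before matching.

```python
import email
from email import policy

# Extensions listed in the post as handled by WinZip's encoded-file support.
BLOCKED_EXTS = {".b64", ".bhx", ".hqx", ".mim", ".uue", ".uu", ".xxe"}

def normalize(name):
    # Lower-case and drop trailing dots/spaces, which Windows ignores in names.
    return name.strip().rstrip(". ").lower()

def part_names(part):
    """Yield each file name a MIME part declares, from either header."""
    for header, param in (("Content-Disposition", "filename"), ("Content-Type", "name")):
        hdr = part[header]
        if hdr is not None and param in hdr.params:
            yield hdr.params[param]

def blocked_attachments(raw_bytes):
    """Return declared names whose final extension is on the block list."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        for name in part_names(part):
            clean = normalize(name)
            ext = "." + clean.rpartition(".")[2] if "." in clean else ""
            if ext in BLOCKED_EXTS and name not in hits:
                hits.append(name)
    return hits

# Constructed sample message (not taken from the post or the advisory).
SAMPLE = b"""\
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf"

%PDF
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="data.UUE."

x
--XX
Content-Type: application/octet-stream; name="notes.mim"

x
--XX--
"""
```

Calling `blocked_attachments(SAMPLE)` returns the two names that a server-side block on these extensions would act on; the PDF part is left alone.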

