Reported March 2, 2001, by Defcom Labs.
- WinZip32 8.0 for Windows 2000
- WinZip32 8.0 for Windows NT
A buffer overrun condition exists in the WinZip32 8.0 compression utility that could let a user execute code arbitrarily within the security context of WinZip32. This condition exists when someone uses the utility's zip-and-email feature in Windows Explorer with an extremely long file name.
Currently, no workaround or fix exists other than not using the program's zip-and-email feature. The vendor, WinZip Computing, Inc., has acknowledged this vulnerability and will correct it in the next release.CREDIT
Discovered by Peter Gründl.