Signature Detail

SMB: ZIP File Connection Request

This signature detects a request by a client to open a remote zip file over the SMB protocol. Requests for zip files over the LAN are likely to be legitimate, but could be an attack attempt when a client is connecting to a server on the internet. A remote server could trick a client into requesting a malformed zip file to exploit vulnerabilities in zip file parsers.

Extended Description

WinZip is reported prone to multiple unspecified buffer overflow vulnerabilities. These issues may allow a remote or local attacker to potentially execute arbitrary code on a vulnerable computer. A successful attack may allow an attacker to gain unauthorized access to a computer. The problems likely occur due to insufficient bounds checking when processing zip archives. A local buffer overflow vulnerability was reported as well. This issue can be triggered through the command line. WinZip versions 9.0 and prior are affected by these issues. Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.

Affected Products

• WinZip 7.0.0
• WinZip 8.0.0
• WinZip 8.1.0
• WinZip 8.1.0 SR-1
• WinZip 9.0.0

References

• BugTraq: 11092
• CVE: CVE-2004-1465
• URL: http://www.ciac.org/ciac/bulletins/o-211.shtml
• URL: http://www.securityfocus.com/bid/11092