Intrusion Prevention

MS.Dunzip32.dll.Integer.Overflow

Description

This indicates an attack attempt against an Integer Overflow vulnerability in in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition
The vulnerability is due to an error when the vulnerable application parses a ZIP file with a overlong file name. A remote attacker can exploit this issue by enticing a user to visit a Web page which contains a malicious compressed file.

Affected Products

Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

For FortiGate users, turning on the IPS signature MS.Windows.Compressed.Folder.Buffer.Overflow can prevent exploitation of this vulnerability.
Apply the patches from vendor:
Microsoft Windows XP and Microsoft Windows XP Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6B70BA00-56D1-4314-8F53-F8355A6861D3
Microsoft Windows XP 64-Bit Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3F6896F3-F055-438D-93CE-CD15F37264CB
Microsoft Windows XP 64-Bit Edition Version 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4B63EF24-D0E4-4005-8E23-2F5EC24BE63F
Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0903569E-7F3D-4846-A1DC-78734E77D3A9
Microsoft Windows Server 2003 64-Bit Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4B63EF24-D0E4-4005-8E23-2F5EC24BE63F

CVE References

CVE-2004-0575