Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Vulnerability in WinZip password protection ?

From: "Abel, Chris" <Chris.Abel () mfn com>
Date: Sat, 16 Mar 2002 14:35:39 -0500
I think this is more of a design issue then a vulnerability of sorts.  When
you open a file directly from with in it's zip file, Windows actually
extracts that file first and spools it to your temp directory.  If you close
the file as stated below, before closing the zip file, the spooled version
of the file in your temp directory is deleted.  If you close the zip file
before the spooled file, WinZip should warn you that you are closing the
archive with the file open and it will not be able to remove it once you are
done.  I'm I making sense?

-----Original Message-----
From: Kerozene [mailto:kerozene () phreaker net]
Sent: Thursday, March 14, 2002 7:24 PM
To: vuln-dev () securityfocus com
Cc: bugtraq () securityfocus com; security () microsoft com
Subject: Vulnerability in winzip password protection ?


Vulnerability in all winzip versions?:
Author: Pablo Sabbatella
Site: www.hackemate.com.ar
Date: 14-03-2002

   I dont know if this a security bug, vulnerability
or whatever, but I found it was pretty dangerous. Lets
suppouse we want to secure the file secret.txt, so we
zip it with winzip and choose to protect it with a
password we only know. We save it and then one day we
decide to access it, so we open it, we enter the password,
it opens secret.txt, we close Winzip and we visualize the
file that we had protected before. After watching it, we
close it and get to another thing. Well, this proccess seems
quite common, but if you open a passworded file and you close
Winzip before closing the file, that file will be stored with
NO PASSWORD PROTECTION in C:\Windows\Temp or your predeterminated
Temp directory.
     This only affects users who sahre the computer with others,
and paranoic :).

Possible fixes: - DonĀ“t close winzip till you finish with the secured
                  file
                - Empty Temp Directory after each session in Winzip
                  with passworded files
                - Microsoft, could make a patch for those files to be
                  automaticaly deleted or not stored in Temp
                  directory.

Greetz to you all guys

Pablo Sabbatella
sabbatella () hackemate com ar
www.Hackemate.com.ar
ICQ: 126270302
Previous By Date Next
Previous By Thread Next

Current thread: