DragonSoft www.dragonsoft.com Exploits out for the MS04-034, urges you to install patch Microsoft has issued "MS04-034" alert regarding a buffer overflow in software it uses to handling compressed files in the Compressed (zipped) Folders. The DUNZIP32.DLL contains an exploitable buffer overflow. A remote attackers could execute arbitrary code by creating a malicious compressed (zipped) file. This vulnerability could exploit by creating a malicious Web page or sending the malicious file to the victim in an email. Attacker would put the ZIP file to: Web site Email When victim Open the ZIP file,a stack-based buffer overflow occurs and allowing an attacker to run arbitrary code on the affected system. Relate Links: MS04-034:Windows Compressed Folder Buffer Overflow Vulnerability http://vdb.dragonsoft.com/detail.php?id=2050 Microsoft Security Bulletin MS04-034 http://www.microsoft.com/technet/security/bulletin/MS04-034.mspx Exploit: MS04-034 Exploit (WinXP) http://vdb.dragonsoft.com/exploit/MS04-034_Exploit.html Vulnerability Assessment: DragonSoft Secure Scanner - Free 15 Day Trial http://www.dragonsoft.com/english/download/ About DragonSoft Security Associates, Inc. DragonSoft Security Associates is a leading developer in Taiwan for network security software and an active contributor to network security education. Founded in 2002, DragonSoft offers vulnerability management olutions, including vulnerability assessment, System Security Management and intrusion prevention. Tel. +886-3-5630989 Fax. +886-3-5797758 6F, No. 30, Lane 607, Sec. 1, Guangfu Rd., Hsinchu, Taiwan 300. R.O.C Copyright © DragonSoft Security Associates, Inc. All Rights Reserved | About | Unsubscribe | Contact |