Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Anyone know about gzip vulnerabilities


ghost's Avatar
0 0

I am messing around with a windows exe application. This application allows its users to add an image to their player, an avatar. I figured out that when you are in the same room as another player who has an image that image downloads to your computer. It downloads as a gzi file into the appropriate program files folder of the application. Just wondering if anyone knows of any gzip vulnerabilities and if there are any significant ones can they even be taken advantage of on a windows machine? Maybe the gzi file is executed by the application when viewing the players image. So since the gzi file is executed at some point it may be possible to execute malicious code on the computer of whoever extracts it. I believe the image itself may be unziped by the application and presented to the other players as a normal jpeg so it might be possible to execute code through your jpeg image on the victims machine, i have many questions about this also but i am going to make a thread specifically about that.


ghost's Avatar
0 0

MoshBat wrote: Only just noticed this. Had I seen it before I replied to your other, I wouldn't have bothered answering with any kind of (vague) details.

This is what you actually need: http://www.securityfocus.com/

Or this: http://bit.ly/i1agE0

k. thanks for your response.

by the way,,,,,,,,, is that a marijuana plant your trying to show off there? I sure hope not because you have really messed up if it is… I'm from California right next door to humboldt county. I have the best bud for the cheapest prices in the entire world. the best growers in the world come from right here in my back yard (in my opinion). I have a little grow going myself. Hydroponics of course, soil is just so old school. Looks like you need to purchase one of these, http://tinyurl.com/MarijuanaHelp that will help tremendously with the ease of growing (any plant at all). Anyways let me know if i can help you in any way with your little growing project. even if it isnt marijuana (your camera sucks.) i can still help Ive had experience growing everything form vegetables to opium poppies and of course my favorite marijuana. let me know.
had to throw that link in. but seriously not being a smart ass i know my way around marijuana gardening so let me know.


spyware's Avatar
Banned
0 0

Heh, amused by your reply to Moshbat. I actually found a package containing all vulnerabilities in the current version of gzip, take a gander here: http://bit.ly/dUMMXZ

PM me if you need help.


ghost's Avatar
0 0

spyware wrote: Heh, amused by your reply to Moshbat. I actually found a package containing all vulnerabilities in the current version of gzip, take a gander here: http://bit.ly/dUMMXZ

PM me if you need help.

very helpful link spyware thanks. the "GZip Long File Name Buffer Overflow Vulnerability" looks promising, ill have to checkout that site more in depth after a min. thanks a lot.


spyware's Avatar
Banned
0 0

apescanfly223 wrote: very helpful link spyware thanks. the "GZip Long File Name Buffer Overflow Vulnerability" looks promising, ill have to checkout that site more in depth after a min. thanks a lot.

Snap, what was supposed to be a witty, sharp remark about people who don't do their own study of source code turns out like this…

On the other hand, you think you can work with an exploit made public in (at least) 2001. Ha. You fool.