[24689] in bugtraq
Re: about zlib vulnerability - Microsoft products
daemon@ATHENA.MIT.EDU (Davis Ray Sickmon, Jr)
Thu Mar 14 19:53:08 2002
Message-ID: <010001c1cba7$24617bf0$842d22d0@precision>
From: "Davis Ray Sickmon, Jr" <midryder@midnightryder.com>
To: <bugtraq@securityfocus.com>
Date: Thu, 14 Mar 2002 16:25:26 -0600
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Microsoft is also using zlib in a couple of products. MS Office, IE, Front
Page, DirectX (dunno what versions yet), MSN Messenger, and the next gen GDI
on XP. Vulnerability? : "Microsoft representatives said that the software
giant's security response team is investigating the zlib flaw and that some
Microsoft applications use code from that compression library. However, the
team hasn't yet determined which applications use the library and whether
those applications are vulnerable." (From Cnet's News.Com article -
http://news.com.com/2100-1001-860328.html )
Davis Ray Sickmon, Jr
Owner, Midnight Ryder Technologies
http://www.midnightryder.com
----- Original Message -----
From: "tele" <tele@duepi.it>
To: <bugtraq@securityfocus.com>
Sent: Wednesday, March 13, 2002 5:46 PM
Subject: about zlib vulnerability
> The vulnerable zlib 1.1.3 code can be even found on the freeswan
> 1.95 source tree and previous versions, therefore there's a
> potential vulnerability at kernel level; besides at the web site
> http://www.freeswan.org the problem is not properly treated.
>
> regards,
>
> --
> eLv
>
>
