Hacker News new | ask | show | jobs
by martey 5393 days ago
From the "Mitigating Factors" section of CVE-2011-1991:

"For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application."

Since a ZIP file would extract to a local directory, nothing would happen.
1 comments
SomeCallMeTim 5392 days ago
If you extracted the TXT+DLL locally, then you'd be vulnerable, because the problem is that the TXT file is the current directory, and something (WordPad and Notepad, maybe, or Explorer itself) is searching for a DLL that doesn't exist elsewhere on the system, and one of the places searched is the current directory.

All the stuff about WebDav being necessary for a successful attack is because they're assuming someone can't drop a DLL onto your system. But if you unzip a package with a README.txt in the same folder as a DLL you would be vulnerable.

link