Security Flaw in Zip files

[piaqt]

<img src=topics/virus.jpg align=right>Antivirus scanners can be conned by ZIP files with excessively long names. And the code that makes it possible has been copied and incorporated by seemingly every big-name software company under the sun--not to mention its widespread use in security product update services.

This vulnerability was discovered by Mark Tesla and Chad Loder of Rapid7, a security software and consulting company that has created ZIP files that test how well different products deal with the long filenames the ZIP specification allows--and the news isn't encouraging.

Source: ZDNet TechUpdate