Jump to content

Archived

This topic is now archived and is closed to further replies.

100

zip bombs with zip64 not detected

Recommended Posts

Because of this article I have downloaded the three Zip archives:

https://www.bamsoftware.com/hacks/zipbomb/

Only zblg.zip was detected as a zip bomb by Eset after the download and therefore deleted. zbsm.zip was probably too small, but zbxl.zip was probably not recognized because of zip64. 7-zip can do zip64, but of course I won't open it and don't have the courage to do a context scan with Eset.

Share this post


Link to post
Share on other sites
3 hours ago, 100 said:

but zbxl.zip was probably not recognized because of zip64. 7-zip can do zip64, but of course I won't open it and don't have the courage to do a context scan with Eset.

Someone will have to run it on a lab test device or in a VM and see what happens.

Share this post


Link to post
Share on other sites

Yes, the Eset lab could do it. ;-)

Share this post


Link to post
Share on other sites
On 7/11/2019 at 12:52 PM, 100 said:

but zbxl.zip was probably not recognized

It's detected now:

Eset_Zipbomb.png.ebb558a59b333e3b106643fac3a43886.png

 

Share this post


Link to post
Share on other sites

Yes, I can confirm the detection. I also use Firefox, but inside Sandboxie and the SSL/TLS filter no longer works if Firefox is inside Sandboxie.

https://community.sophos.com/products/sandboxie/f/sandboxie-forum/113772/ssl-filtering-with-eset-doesn-t-work-with-firefox-67-0-x-in-sandboxie

But the file was detected and deleted during the download. :-)

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...