Vulnerabilities > CVE-2001-0152 - Unspecified vulnerability in Microsoft Plus

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

microsoft

metasploit

NVD

Published: 2001-05-03

Updated: 2018-10-12

Summary

The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Plus *	1

Metasploit

description	This module extracts clear text credentials from dynazip.log. The log file contains passwords used to encrypt compressed zip files in Microsoft Plus! 98 and Windows Me.
id	MSF:POST/WINDOWS/GATHER/CREDENTIALS/DYNAZIP_LOG
last seen	2020-04-11
modified	2019-01-10
published	2017-02-22
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0152 https://support.microsoft.com/en-us/kb/265131
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/post/windows/gather/credentials/dynazip_log.rb
title	Windows Gather DynaZIP Saved Password Extraction

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-019