Windows Me contains a data-compression feature called Compressed Folders. For interoperability with leading third-party compression tools, it provides a password-protection option for folders that have been compressed. However, due to a flaw in the package's implementation, the passwords used to protect the folders are recorded in a file on the user's system. If an attacker gained access to an affected machine on which password-protected folders were stored, she could learn the passwords and access the files.
The patch will prevent passwords from being written to the user's system in the future. However, as discussed in the FAQ, after applying the patch, it is important to also delete c:windowsdynazip.log to ensure that all previously-recorded passwords are deleted.
Requirements:
Windows Me
Comments not found