[原文]The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders.
Microsoft Plus! Compressed Folder Password Disclosure
Local Access Required
Loss of Confidentiality,
Loss of Integrity
Windows ME and Plus! contain a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords by reading the dynazip.log file, which may lead to a loss of confidentiality and/or integrity.
Apply the patch appropriate as listed in Microsoft Security Bulletin MS01-019, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
In addition to the patch, the file c:\windows\dynazip.log must be deleted.