Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0370

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0370
Last Modified 09 Jan 2015 09:59:14
Published 10 Oct 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0370

Summary

Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.

Vulnerable Systems

Operating System

  • Microsoft Windows Me

  • Microsoft Windows Xp

Application

  • Allume Systems Division Stuffit Expander 6.5.2

  • Ibm Lotus Notes 4.5

  • Ibm Lotus Notes 5.0

  • Ibm Lotus Notes 5.0.1

  • Ibm Lotus Notes 5.0.10

  • Ibm Lotus Notes 5.0.11

  • Ibm Lotus Notes 5.0.2

  • Ibm Lotus Notes 5.0.3

  • Ibm Lotus Notes 5.0.4

  • Ibm Lotus Notes 5.0.5

  • Ibm Lotus Notes 5.0.9a

  • Ibm Lotus Notes R5

  • Ibm Lotus Notes R6

  • Microsoft Windows 98 Plus Pack

  • Verity Keyview Viewing Sdk Gold

  • Winzip 7.0


References

CERT-VN - VU#383779

BID - 5873

MS - MS02-054

XF - win-zip-decompression-bo(10251)

CONFIRM - http://www.info.apple.com/usen/security/security_updates.html

BUGTRAQ - 20021002 R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues

SREASON - 587

CONFIRM - http://www.info-zip.org/FAQ.html


Last Updated: 27 May 2016 11:07:28