Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0333

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0333
Last Modified 10 Sep 2008 03:25:52
Published 23 Nov 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0333

Summary

Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.

Vulnerable Systems

Operating System

  • Gentoo Linux 1.4

Application

  • Openpkg

  • Uudeview 0.5.18

  • Uudeview 0.5.19

  • Winzip 7.0

  • Winzip 8.0

  • Winzip 8.1


References

CERT-VN - VU#116182

BID - 9758

XF - uudeview-multiple-bo(15490)

XF - winzip-mime-bo(15336)

CONFIRM - http://www.winzip.com/fmwz90.htm

OSVDB - 4119

CONFIRM - http://www.openpkg.org/security/OpenPKG-SA-2004.006-uudeview.html

IDEFENSE - 20040227 WinZip MIME Parsing Buffer Overflow Vulnerability

CIAC - O-092

SECUNIA - 11019

SECUNIA - 10995


Last Updated: 27 May 2016 10:38:34