Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0575

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0575
Last Modified 10 Sep 2008 03:26:51
Published 03 Nov 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0575

Summary

Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.

Vulnerable Systems

Operating System

  • Microsoft Windows 2003 Server 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows Xp


References

CERT-VN - VU#649374

XF - win-ms04034-patch(17659)

XF - win-compressed-folders-bo(17624)

MS - MS04-034

MISC - http://www.eeye.com/html/research/advisories/AD20041012A.html

CIAC - P-010

SECTRACK - 1011637

BUGTRAQ - 20041013 EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability


Last Updated: 27 May 2016 10:38:39