Podatność CVE-2004-1094
Publikacja: 2005-01-10   Modyfikacja: 2012-02-12

Opis:
Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
High
dtSearch DUNZIP32.dll Buffer Overflow Vulnerability
Juha-Matti Lauri...
25.12.2005
High
McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability
Juha-Matti Lauri...
31.03.2006

Typ:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
10/10
10/10
10/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Niska
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Pełny
Pełny
Pełny
Affected software
Realnetworks -> Realone player 
Realnetworks -> Realplayer 
Innermedia -> Dynazip library 
Checkmark -> Checkmark payroll 
Checkmark -> Multiledger 

 Referencje:
http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html
http://marc.info/?l=bugtraq&m=109894226007607&w=2
http://securityreason.com/securityalert/296
http://securityreason.com/securityalert/653
http://securitytracker.com/id?1011944
http://securitytracker.com/id?1012297
http://securitytracker.com/id?1016817
http://service.real.com/help/faq/security/041026_player/EN/
http://www.kb.cert.org/vuls/id/582498
http://www.networksecurity.fi/advisories/dtsearch.html
http://www.networksecurity.fi/advisories/lotus-notes.html
http://www.networksecurity.fi/advisories/mcafee-virusscan.html
http://www.networksecurity.fi/advisories/multiledger.html
http://www.networksecurity.fi/advisories/payroll.html
http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html
http://www.securityfocus.com/archive/1/420274/100/0/threaded
http://www.securityfocus.com/archive/1/429361/100/0/threaded
http://www.securityfocus.com/archive/1/445369/100/0/threaded
http://www.securityfocus.com/bid/11555
http://www.vupen.com/english/advisories/2005/2057
http://www.vupen.com/english/advisories/2006/1176
https://exchange.xforce.ibmcloud.com/vulnerabilities/17879
https://exchange.xforce.ibmcloud.com/vulnerabilities/22737
Copyright 2024, cxsecurity.com

 

Back to Top