Vulnerability CVE-2002-0370


Published: 2002-10-10   Modified: 2012-02-12

Description:
Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Vulnerability in e-gold
shurik f gmail c...
16.03.2006

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Winzip -> Winzip 
Verity -> Keyview viewing sdk 
Microsoft -> Windows 98 plus pack 
Microsoft -> Windows me 
Microsoft -> Windows xp 
IBM -> Lotus notes 
Allume systems division -> Stuffit expander 

 References:
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html
http://marc.info/?l=bugtraq&m=103428193409223&w=2
http://securityreason.com/securityalert/587
http://www.info-zip.org/FAQ.html
http://www.info.apple.com/usen/security/security_updates.html
http://www.iss.net/security_center/static/10251.php
http://www.kb.cert.org/vuls/id/383779
http://www.securityfocus.com/bid/5873
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054

Copyright 2021, cxsecurity.com

 

Back to Top