Vulnerability CVE-2004-1094


Published: 2005-01-10   Modified: 2012-02-12

Description:
Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.

See advisories in our WLB2 database:
Topic
Author
Date
High
dtSearch DUNZIP32.dll Buffer Overflow Vulnerability
Juha-Matti Lauri...
25.12.2005
High
McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability
Juha-Matti Lauri...
31.03.2006

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Realnetworks -> Realone player 
Realnetworks -> Realplayer 
Innermedia -> Dynazip library 
Checkmark -> Checkmark payroll 
Checkmark -> Multiledger 

 References:
http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html
http://marc.info/?l=bugtraq&m=109894226007607&w=2
http://securityreason.com/securityalert/296
http://securityreason.com/securityalert/653
http://securitytracker.com/id?1011944
http://securitytracker.com/id?1012297
http://securitytracker.com/id?1016817
http://service.real.com/help/faq/security/041026_player/EN/
http://www.kb.cert.org/vuls/id/582498
http://www.networksecurity.fi/advisories/dtsearch.html
http://www.networksecurity.fi/advisories/lotus-notes.html
http://www.networksecurity.fi/advisories/mcafee-virusscan.html
http://www.networksecurity.fi/advisories/multiledger.html
http://www.networksecurity.fi/advisories/payroll.html
http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html
http://www.securityfocus.com/archive/1/420274/100/0/threaded
http://www.securityfocus.com/archive/1/429361/100/0/threaded
http://www.securityfocus.com/archive/1/445369/100/0/threaded
http://www.securityfocus.com/bid/11555
http://www.vupen.com/english/advisories/2005/2057
http://www.vupen.com/english/advisories/2006/1176
https://exchange.xforce.ibmcloud.com/vulnerabilities/17879
https://exchange.xforce.ibmcloud.com/vulnerabilities/22737

Copyright 2024, cxsecurity.com

 

Back to Top