Vulnerability CVE-2004-1094


Published: 2005-01-10   Modified: 2012-02-12

Description:
Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.

See advisories in our WLB2 database:
Topic | Author | Date
[High] dtSearch DUNZIP32.dll Buffer Overflow Vulnerability | Juha-Matti Lauri... | 25.12.2005
[High] McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability | Juha-Matti Lauri... | 31.03.2006

Type: CWE-Other

Vendor: Checkmark
Product: Multiledger 
Version:
7.0.1
7.0.0
6.0.5
6.0.3
Product: Checkmark payroll 
Version:
3.9.6
3.9.5
3.9.4
3.9.3
3.9.2
3.9.1
3.7.5
Vendor: Innermedia
Product: Dynazip library 
Version:
5.00.03
5.00.02
5.00.01
5.00.00
Vendor: Realnetworks
Product: Realone player 
Version: 2.0; 1.0;
Product: Realplayer 
Version:
10.5_6.0.12.1053
10.5_6.0.12.1040
10.5_6.0.12.1016_beta
10.5
10.0_beta
10.0_6.0.12.690
10.0

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html
http://marc.info/?l=bugtraq&m=109894226007607&w=2
http://securityreason.com/securityalert/296
http://securityreason.com/securityalert/653
http://securitytracker.com/id?1011944
http://securitytracker.com/id?1012297
http://securitytracker.com/id?1016817
http://service.real.com/help/faq/security/041026_player/EN/
http://www.kb.cert.org/vuls/id/582498
http://www.networksecurity.fi/advisories/dtsearch.html
http://www.networksecurity.fi/advisories/lotus-notes.html
http://www.networksecurity.fi/advisories/mcafee-virusscan.html
http://www.networksecurity.fi/advisories/multiledger.html
http://www.networksecurity.fi/advisories/payroll.html
http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html
http://www.securityfocus.com/archive/1/420274/100/0/threaded
http://www.securityfocus.com/archive/1/429361/100/0/threaded
http://www.securityfocus.com/archive/1/445369/100/0/threaded
http://www.securityfocus.com/bid/11555
http://www.vupen.com/english/advisories/2005/2057
http://www.vupen.com/english/advisories/2006/1176
https://exchange.xforce.ibmcloud.com/vulnerabilities/17879
https://exchange.xforce.ibmcloud.com/vulnerabilities/22737

Related CVE
CVE-2018-13121
RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file.
CVE-2017-9302
RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file.
CVE-2016-9018
Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.
CVE-2013-2604
RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL...
CVE-2013-2603
The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cau...
CVE-2014-3113
Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file.
CVE-2014-3444
The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file.
CVE-2013-7260
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML...

Copyright 2019, cxsecurity.com

 
