ID CVE-2004-0333
Summary Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters. This was fixed in WinZip 8.1 SR-2 in March of 2004. You can find more information on the subject on the following pages of the winzip site: http://www.winzip.com/wz81sr2.htm http://www.winzip.com/fmwz90.htm
References
Vulnerable Configurations
  • cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*
    cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*
  • cpe:2.3:a:uudeview:uudeview:0.5.18:*:*:*:*:*:*:*
    cpe:2.3:a:uudeview:uudeview:0.5.18:*:*:*:*:*:*:*
  • cpe:2.3:a:uudeview:uudeview:0.5.19:*:*:*:*:*:*:*
    cpe:2.3:a:uudeview:uudeview:0.5.19:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:winzip:winzip:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:winzip:winzip:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:winzip:winzip:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:8.1:sr1:*:*:*:*:*:*
    cpe:2.3:a:winzip:winzip:8.1:sr1:*:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 9758
cert-vn VU#116182
ciac O-092
confirm
idefense 20040227 WinZip MIME Parsing Buffer Overflow Vulnerability
osvdb 4119
secunia
  • 10995
  • 11019
xf
  • uudeview-multiple-bo(15490)
  • winzip-mime-bo(15336)
Last major update 11-07-2017 - 01:30
Published 23-11-2004 - 05:00
Back to Top