ID CVE-2004-0333
Summary Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.
References
Vulnerable Configurations
  • OpenPKG
    cpe:2.3:a:openpkg:openpkg
  • cpe:2.3:a:uudeview:uudeview:0.5.18
    cpe:2.3:a:uudeview:uudeview:0.5.18
  • cpe:2.3:a:uudeview:uudeview:0.5.19
    cpe:2.3:a:uudeview:uudeview:0.5.19
  • WinZip 7.0
    cpe:2.3:a:winzip:winzip:7.0
  • WinZip 8.0
    cpe:2.3:a:winzip:winzip:8.0
  • WinZip 8.1
    cpe:2.3:a:winzip:winzip:8.1
  • WinZip 8.1 SR1
    cpe:2.3:a:winzip:winzip:8.1:sr1
  • Gentoo Linux 1.4
    cpe:2.3:o:gentoo:linux:1.4
  • Gentoo Linux 1.4 rc1
    cpe:2.3:o:gentoo:linux:1.4:rc1
  • Gentoo Linux 1.4 rc2
    cpe:2.3:o:gentoo:linux:1.4:rc2
  • Gentoo Linux 1.4 rc3
    cpe:2.3:o:gentoo:linux:1.4:rc3
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description WinZIP MIME Parsing Overflow Proof of Concept Exploit. CVE-2004-0333. Local exploit for windows platform
id EDB-ID:272
last seen 2016-01-31
modified 2004-04-15
published 2004-04-15
reporter snooq
source https://www.exploit-db.com/download/272/
title WinZIP MIME Parsing Overflow Proof of Concept Exploit
nessus via4
NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-200403-05.NASL
description The remote host is affected by the vulnerability described in GLSA-200403-05 (UUDeview MIME Buffer Overflow) By decoding a MIME archive with excessively long strings for various parameters, it is possible to crash UUDeview, or cause it to execute arbitrary code. This vulnerability was originally reported by iDEFENSE as part of a WinZip advisory [ Reference: 1 ]. Impact : An attacker could create a specially crafted MIME file and send it via email. When recipient decodes the file, UUDeview may execute arbitrary code which is embedded in the MIME file, thus granting the attacker access to the recipient's account. Workaround : There is no known workaround at this time. As a result, a software upgrade is required and users should upgrade to uudeview 0.5.20.
last seen 2019-02-21
modified 2018-07-11
plugin id 14456
published 2004-08-30
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=14456
title GLSA-200403-05 : UUDeview MIME Buffer Overflow
refmap via4
bid 9758
cert-vn VU#116182
ciac O-092
confirm
idefense 20040227 WinZip MIME Parsing Buffer Overflow Vulnerability
osvdb 4119
secunia
  • 10995
  • 11019
xf
  • uudeview-multiple-bo(15490)
  • winzip-mime-bo(15336)
Last major update 10-09-2008 - 15:25
Published 23-11-2004 - 00:00
Last modified 10-07-2017 - 21:30
Back to Top