fkie_cve-2004-0333
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.
References
cve@mitre.orghttp://secunia.com/advisories/10995
cve@mitre.orghttp://secunia.com/advisories/11019
cve@mitre.orghttp://www.ciac.org/ciac/bulletins/o-092.shtml
cve@mitre.orghttp://www.idefense.com/application/poi/display?id=76&type=vulnerabiliti&flashstatus=true
cve@mitre.orghttp://www.kb.cert.org/vuls/id/116182Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.openpkg.org/security/OpenPKG-SA-2004.006-uudeview.html
cve@mitre.orghttp://www.osvdb.org/4119
cve@mitre.orghttp://www.securityfocus.com/bid/9758Exploit, Patch, Vendor Advisory
cve@mitre.orghttp://www.winzip.com/fmwz90.htm
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/15336
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/15490
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/10995
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/11019
af854a3a-2127-422b-91ae-364da2661108http://www.ciac.org/ciac/bulletins/o-092.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.idefense.com/application/poi/display?id=76&type=vulnerabiliti&flashstatus=true
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/116182Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.openpkg.org/security/OpenPKG-SA-2004.006-uudeview.html
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/4119
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/9758Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.winzip.com/fmwz90.htm
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/15336
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/15490
Impacted products
Vendor Product Version
openpkg openpkg *
uudeview uudeview 0.5.18
uudeview uudeview 0.5.19
winzip winzip 7.0
winzip winzip 8.0
winzip winzip 8.1
winzip winzip 8.1
gentoo linux 1.4
gentoo linux 1.4
gentoo linux 1.4
gentoo linux 1.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F74941A0-97CA-44D4-B55B-9224F051D40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:uudeview:uudeview:0.5.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6C944B6-112F-4914-8FAB-412C292776AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:uudeview:uudeview:0.5.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6CFEE2D-B4A2-4F63-8AC0-304A556FFD82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winzip:winzip:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2ACBE01-B77A-4D09-8FB3-D6365786C44F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winzip:winzip:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDE7DCD6-90B3-4259-9BE6-B9F7A30A64AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winzip:winzip:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4088C545-249E-47AD-8BF8-A6A2E5B2BF18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:winzip:winzip:8.1:sr1:*:*:*:*:*:*",
              "matchCriteriaId": "3533CE02-6CC0-4E64-B604-BAA131042C7A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D1FD0EB4-E744-4465-AFEE-A3C807C9C993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1D866A7D-F0B9-4EA3-93C6-1E7C2C2A861F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "57772E3B-893C-408A-AA3B-78C972ED4D5E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters."
    }
  ],
  "evaluatorSolution": "This was fixed in WinZip 8.1 SR-2 in March of 2004. You can find more information on the subject on the following pages of the winzip site:\r\nhttp://www.winzip.com/wz81sr2.htm\r\nhttp://www.winzip.com/fmwz90.htm",
  "id": "CVE-2004-0333",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-11-23T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/10995"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/11019"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/o-092.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.idefense.com/application/poi/display?id=76\u0026type=vulnerabiliti\u0026flashstatus=true"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/116182"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openpkg.org/security/OpenPKG-SA-2004.006-uudeview.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/4119"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9758"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.winzip.com/fmwz90.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15336"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/10995"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/11019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/o-092.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.idefense.com/application/poi/display?id=76\u0026type=vulnerabiliti\u0026flashstatus=true"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/116182"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openpkg.org/security/OpenPKG-SA-2004.006-uudeview.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/4119"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.winzip.com/fmwz90.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15490"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.