10

CVE-2004-1094

EPSS 44.47%
Veröffentlicht 10.01.2005 05:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products.  NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 31

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Checkmark ≫ Checkmark Payroll Version <= 3.9.6

Checkmark ≫ Checkmark Payroll Version3.7.5

Checkmark ≫ Checkmark Payroll Version3.9.1

Checkmark ≫ Checkmark Payroll Version3.9.2

Checkmark ≫ Checkmark Payroll Version3.9.3

Checkmark ≫ Checkmark Payroll Version3.9.4

Checkmark ≫ Checkmark Payroll Version3.9.5

Checkmark ≫ Multiledger Version <= 7.0.1

Checkmark ≫ Multiledger Version6.0.3

Checkmark ≫ Multiledger Version6.0.5

Checkmark ≫ Multiledger Version7.0.0

Innermedia ≫ Dynazip Library Version5.00.00

Innermedia ≫ Dynazip Library Version5.00.01

Innermedia ≫ Dynazip Library Version5.00.02

Innermedia ≫ Dynazip Library Version5.00.03

Realnetworks ≫ Realone Player Version1.0

Realnetworks ≫ Realone Player Version2.0

Realnetworks ≫ Realplayer Version10.0

Realnetworks ≫ Realplayer Version10.0_6.0.12.690

Realnetworks ≫ Realplayer Version10.0_beta

Realnetworks ≫ Realplayer Version10.5

Realnetworks ≫ Realplayer Version10.5_6.0.12.1016_beta

Realnetworks ≫ Realplayer Version10.5_6.0.12.1040

Realnetworks ≫ Realplayer Version10.5_6.0.12.1053

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	44.47%	0.975

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html

http://marc.info/?l=bugtraq&m=109894226007607&w=2

http://secunia.com/advisories/17096

Vendor Advisory

http://secunia.com/advisories/17394

Vendor Advisory

http://secunia.com/advisories/18194

Vendor Advisory

http://secunia.com/advisories/19451

http://securityreason.com/securityalert/296

http://securityreason.com/securityalert/653

http://securitytracker.com/id?1011944

http://securitytracker.com/id?1012297

http://securitytracker.com/id?1016817

http://service.real.com/help/faq/security/041026_player/EN/

http://www.kb.cert.org/vuls/id/582498

Third Party Advisory

US Government Resource

http://www.networksecurity.fi/advisories/dtsearch.html

Vendor Advisory

http://www.networksecurity.fi/advisories/lotus-notes.html

http://www.networksecurity.fi/advisories/mcafee-virusscan.html

http://www.networksecurity.fi/advisories/multiledger.html

http://www.networksecurity.fi/advisories/payroll.html

http://www.osvdb.org/19906

http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html

http://www.securityfocus.com/archive/1/420274/100/0/threaded

http://www.securityfocus.com/archive/1/429361/100/0/threaded

http://www.securityfocus.com/archive/1/445369/100/0/threaded

http://www.securityfocus.com/bid/11555

Vendor Advisory

http://www.vupen.com/english/advisories/2005/2057

http://www.vupen.com/english/advisories/2006/1176

https://exchange.xforce.ibmcloud.com/vulnerabilities/17879

https://exchange.xforce.ibmcloud.com/vulnerabilities/22737

https://nvd.nist.gov/vuln/detail/CVE-2004-1094

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-1094

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-1094

EUVD