CVE - CVE-2004-1094

CVE-ID
CVE-2004-1094	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:11555 URL:http://www.securityfocus.com/bid/11555 BUGTRAQ:20041027 EEYE: RealPlayer Zipped Skin File Buffer Overflow URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html BUGTRAQ:20041027 High Risk Vulnerability in RealPlayer URL:http://marc.info/?l=bugtraq&m=109894226007607&w=2 BUGTRAQ:20051223 dtSearch DUNZIP32.dll Buffer Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/420274/100/0/threaded BUGTRAQ:20060330 McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/429361/100/0/threaded BUGTRAQ:20060906 IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/445369/100/0/threaded CERT-VN:VU#582498 URL:http://www.kb.cert.org/vuls/id/582498 CONFIRM:http://service.real.com/help/faq/security/041026_player/EN/ MISC:http://www.networksecurity.fi/advisories/dtsearch.html MISC:http://www.networksecurity.fi/advisories/lotus-notes.html MISC:http://www.networksecurity.fi/advisories/mcafee-virusscan.html MISC:http://www.networksecurity.fi/advisories/multiledger.html MISC:http://www.networksecurity.fi/advisories/payroll.html MISC:http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html OSVDB:19906 URL:~~http://www.osvdb.org/19906~~ (Obsolete source) SECTRACK:1011944 URL:http://securitytracker.com/id?1011944 SECTRACK:1012297 URL:http://securitytracker.com/id?1012297 SECTRACK:1016817 URL:http://securitytracker.com/id?1016817 SECUNIA:17096 URL:http://secunia.com/advisories/17096 SECUNIA:17394 URL:http://secunia.com/advisories/17394 SECUNIA:18194 URL:http://secunia.com/advisories/18194 SECUNIA:19451 URL:http://secunia.com/advisories/19451 SREASON:296 URL:http://securityreason.com/securityalert/296 SREASON:653 URL:http://securityreason.com/securityalert/653 VUPEN:ADV-2005-2057 URL:~~http://www.vupen.com/english/advisories/2005/2057~~ (Obsolete source) VUPEN:ADV-2006-1176 URL:~~http://www.vupen.com/english/advisories/2006/1176~~ (Obsolete source) XF:payroll-dunzip32-bo(22737) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/22737 XF:realplayer-dunzip32-bo(17879) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17879
Assigning CNA
MITRE Corporation
Date Record Created
20041130	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20041130)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)