|
Various Products ZIP Archive Processing Buffer Overflow
|
|
|
|
|
Secunia Advisory:
|
SA7211
|
|
|
Release Date:
|
2002-10-03
|
|
Last Update:
|
2005-08-22
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | IBM Lotus Notes 4.x
IBM Lotus Notes 5.x
IBM Lotus Notes 6.x
Stuffit 6
Verity KeyView Viewer SDK 7.x
|
| | CVE reference: | CVE-2002-0370 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Rapid7 has reported a vulnerability in various products, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error within the handling of filenames and can be exploited to cause a buffer overflow via a ZIP archive containing a filename with an overly long filename.
Successful exploitation allows execution of arbitrary code.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution:
Stuffit:
Upgrade to version 7 or later.
Lotus Notes:
Update to Lotus Notes 5.0.12 or R6 Gold.
Verity KeyView Viewing SDK:
A fix is available for version 7.0.
Provided and/or discovered by:
Rapid7
Changelog:
2005-08-22: Updated advisory.
Original Advisory:
Rapid7:
http://www.rapid7.com/advisories/R7-0004.html
Other References:
US-CERT VU#383779:
http://www.kb.cert.org/vuls/id/383779
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
19 Related Secunia Security Advisories, displaying 10
|
|
|
1. IBM Lotus Notes Java Plug-in Sandbox Security Bypass
|
|
2. IBM Lotus Notes Java Applet Signature Execution Control List Security Bypass
|
|
3. Lotus Notes Multiple Keyview Parsing Vulnerabilities
|
|
4. Autonomy Keyview SDK Multiple Buffer Overflows
|
|
5. Autonomy Keyview SDK Lotus 1-2-3 File Viewer Buffer Overflows
|
|
6. IBM Lotus Notes 5 / 6 Lotus 1-2-3 File Viewer Buffer Overflows
|
|
7. Verity Keyview SDK Multiple Vulnerabilities
|
|
8. IBM Lotus Notes Multiple Vulnerabilities
|
|
9. Lotus Notes Deleted Mail Recipient Security Issue
|
|
10. IBM Lotus Notes Insecure Default Directory Permissions
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
