Secunia SmallBusiness
Products
Solutions
Customers
Partner
Resources
Company
Careers
Community

CVE Reference: CVE-2004-1094
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2004-1094

Description:
Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/17879
  http://xforce.iss.net/xforce/xfdb/22737

ST
  1011944
  1012297
  1016817

SREASON
  http://securityreason.com/securityalert/296
  http://securityreason.com/securityalert/653

SAID
  Secunia Advisory: SA17096
  Secunia Advisory: SA17394
  Secunia Advisory: SA18194
  Secunia Advisory: SA19451

OSVDB
  19906

MISC
  http://www.networksecurity.fi/advisories/lotus-notes.html
  http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html
  http://www.networksecurity.fi/advisories/mcafee-virusscan.html
  http://www.networksecurity.fi/advisories/dtsearch.html
  http://www.networksecurity.fi/advisories/multiledger.html
  http://www.networksecurity.fi/advisories/payroll.html

CONFIRM
  http://service.real.com/help/faq/security/041026_player/EN/

CERT-VN
  582498

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/445369/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/429361/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/420274/100/0/threaded
  http://marc.theaimsgroup.com/?l=bugtraq&m=109894226007607&w=2
  http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html

BID
  11555


Return to the previous page.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom
 
© 2002-2013 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability