CVE-2002-0370

Severity

75%

Complexity

99%

Confidentiality

106%

Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.

Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 22 years ago

2002-10-10 04:00:00

Last updated 6 years ago

2018-10-12 21:31:00

Affected Software

IBM Lotus Notes

IBM Lotus Notes 5.0

5.0

IBM Lotus Notes 5.0.1

5.0.1

IBM Lotus Notes 5.0.2

5.0.2

IBM Lotus Notes 5.0.3

5.0.3

IBM Lotus Notes 5.0.4

5.0.4

IBM Lotus Notes 5.0.5

5.0.5

IBM Lotus Notes 5.0.9a

5.0.9a

IBM Lotus Notes 5.0.10

5.0.10

IBM Lotus Notes 5.0.11

5.0.11

IBM Lotus Notes R5

r5

IBM Lotus Notes R6

r6

WinZip 7.0

7.0

Microsoft Windows 98 Plus Pack

Microsoft Windows ME

Microsoft Windows XP Professional Gold

Microsoft Windows XP Service Pack 1 Home Edition

References

20021002 R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues

20021002 R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues

587

http://www.info.apple.com/usen/security/security_updates.html

http://www.info-zip.org/FAQ.html

win-zip-decompression-bo(10251)

Vendor Advisory

VU#383779

Third Party Advisory, US Government Resource

5873

Patch, Vendor Advisory

MS02-054

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.