CVE-2002-0370

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2002-0370
Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html
http://marc.info/?l=bugtraq&m=103428193409223&w=2
http://securityreason.com/securityalert/587
http://www.info-zip.org/FAQ.html
http://www.info.apple.com/usen/security/security_updates.html
http://www.iss.net/security_center/static/10251.php Vendor Advisory
http://www.kb.cert.org/vuls/id/383779 Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/5873 Patch Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:allume_systems_division:stuffit_expander:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:5.0.9a:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:r5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:r6:*:*:*:*:*:*:*
cpe:2.3:a:verity:keyview_viewing_sdk:gold:*:*:*:*:*:*:*
cpe:2.3:a:winzip:winzip:7.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:microsoft:windows_98_plus_pack:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
History

No history.

Information

Published : 2002-10-10 04:00

Updated : 2024-02-04 16:31

NVD link : CVE-2002-0370

Mitre link : CVE-2002-0370

CVE.ORG link : CVE-2002-0370

JSON object : View

Products Affected

verity

  • keyview_viewing_sdk

microsoft

  • windows_me
  • windows_xp
  • windows_98_plus_pack

allume_systems_division

  • stuffit_expander

ibm

  • lotus_notes

winzip

  • winzip
CWE
NVD-CWE-Other