Vulnerability Details : CVE-2004-1094
Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.
Vulnerability category: OverflowExecute code
Products affected by CVE-2004-1094
- cpe:2.3:a:realnetworks:realplayer:10.0_beta:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016_beta:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:checkmark:checkmark_payroll:*:*:*:*:*:*:*:*
- cpe:2.3:a:checkmark:checkmark_payroll:3.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:checkmark:checkmark_payroll:3.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:checkmark:checkmark_payroll:3.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:checkmark:checkmark_payroll:3.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:checkmark:checkmark_payroll:3.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:checkmark:checkmark_payroll:3.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:checkmark:multiledger:*:*:*:*:*:*:*:*
- cpe:2.3:a:checkmark:multiledger:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:checkmark:multiledger:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:checkmark:multiledger:6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:innermedia:dynazip_library:5.00.02:*:*:*:*:*:*:*
- cpe:2.3:a:innermedia:dynazip_library:5.00.03:*:*:*:*:*:*:*
- cpe:2.3:a:innermedia:dynazip_library:5.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:innermedia:dynazip_library:5.00.01:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-1094
53.52%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-1094
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2004-1094
-
http://secunia.com/advisories/17394
Vendor Advisory
-
http://www.networksecurity.fi/advisories/lotus-notes.html
-
http://www.securityfocus.com/archive/1/445369/100/0/threaded
-
http://www.networksecurity.fi/advisories/multiledger.html
Network Security: Recent Security Research
-
http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html
-
http://service.real.com/help/faq/security/041026_player/EN/
Home to the video player and downloader, RealPlayer from RealNetworks
-
http://securityreason.com/securityalert/296
dtSearch DUNZIP32.dll Buffer Overflow Vulnerability - CXSecurity.com
-
http://www.securityfocus.com/archive/1/420274/100/0/threaded
-
http://www.securityfocus.com/archive/1/429361/100/0/threaded
-
http://www.vupen.com/english/advisories/2005/2057
Site en construction
-
http://www.osvdb.org/19906
-
http://www.vupen.com/english/advisories/2006/1176
Site en construction
-
http://www.securityfocus.com/bid/11555
Vendor Advisory
-
http://www.networksecurity.fi/advisories/dtsearch.html
Vendor Advisory
-
http://www.networksecurity.fi/advisories/mcafee-virusscan.html
-
http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17879
-
http://marc.info/?l=bugtraq&m=109894226007607&w=2
'High Risk Vulnerability in RealPlayer' - MARC
-
http://securityreason.com/securityalert/653
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/22737
-
http://www.kb.cert.org/vuls/id/582498
Third Party Advisory;US Government Resource
-
http://securitytracker.com/id?1016817
-
http://secunia.com/advisories/19451
About Secunia Research | Flexera
-
http://securitytracker.com/id?1011944
-
http://secunia.com/advisories/17096
About Secunia Research | FlexeraVendor Advisory
-
http://securitytracker.com/id?1012297
-
http://secunia.com/advisories/18194
About Secunia Research | FlexeraVendor Advisory
-
http://www.networksecurity.fi/advisories/payroll.html
Jump to