Vulnerabilities > CVE-2004-0333

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
winzip
uudeview
openpkg
gentoo
nessus
exploit available
NVD
Published: 2004-11-23
Updated: 2017-07-11

Summary

Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.

Vulnerable Configurations

Part Description Count
Application
Winzip
4
Application
Uudeview
2
Application
Openpkg
1
OS
Gentoo
4

Exploit-Db

descriptionWinZIP MIME Parsing Overflow Proof of Concept Exploit. CVE-2004-0333. Local exploit for windows platform
idEDB-ID:272
last seen2016-01-31
modified2004-04-15
published2004-04-15
reportersnooq
sourcehttps://www.exploit-db.com/download/272/
titleWinZIP MIME Parsing Overflow Proof of Concept Exploit

Nessus

NASL familyGentoo Local Security Checks
NASL idGENTOO_GLSA-200403-05.NASL
descriptionThe remote host is affected by the vulnerability described in GLSA-200403-05 (UUDeview MIME Buffer Overflow) By decoding a MIME archive with excessively long strings for various parameters, it is possible to crash UUDeview, or cause it to execute arbitrary code. This vulnerability was originally reported by iDEFENSE as part of a WinZip advisory [ Reference: 1 ]. Impact : An attacker could create a specially crafted MIME file and send it via email. When recipient decodes the file, UUDeview may execute arbitrary code which is embedded in the MIME file, thus granting the attacker access to the recipient
last seen2020-06-01
modified2020-06-02
plugin id14456
published2004-08-30
reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/14456
titleGLSA-200403-05 : UUDeview MIME Buffer Overflow

References