Vulnerabilities > CVE-2004-0333 - Buffer Overrun vulnerability in UUDeview MIME Archive
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters. This was fixed in WinZip 8.1 SR-2 in March of 2004. You can find more information on the subject on the following pages of the winzip site: http://www.winzip.com/wz81sr2.htm http://www.winzip.com/fmwz90.htm
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 2 | |
| Application | 4 | |
| OS | 4 |
Exploit-Db
| description | WinZIP MIME Parsing Overflow Proof of Concept Exploit. CVE-2004-0333. Local exploit for windows platform |
| id | EDB-ID:272 |
| last seen | 2016-01-31 |
| modified | 2004-04-15 |
| published | 2004-04-15 |
| reporter | snooq |
| source | https://www.exploit-db.com/download/272/ |
| title | WinZIP MIME Parsing Overflow Proof of Concept Exploit |
Nessus
| NASL family | Gentoo Local Security Checks |
| NASL id | GENTOO_GLSA-200403-05.NASL |
| description | The remote host is affected by the vulnerability described in GLSA-200403-05 (UUDeview MIME Buffer Overflow) By decoding a MIME archive with excessively long strings for various parameters, it is possible to crash UUDeview, or cause it to execute arbitrary code. This vulnerability was originally reported by iDEFENSE as part of a WinZip advisory [ Reference: 1 ]. Impact : An attacker could create a specially crafted MIME file and send it via email. When recipient decodes the file, UUDeview may execute arbitrary code which is embedded in the MIME file, thus granting the attacker access to the recipient |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 14456 |
| published | 2004-08-30 |
| reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/14456 |
| title | GLSA-200403-05 : UUDeview MIME Buffer Overflow |
References
- http://secunia.com/advisories/10995
- http://secunia.com/advisories/11019
- http://www.ciac.org/ciac/bulletins/o-092.shtml
- http://www.idefense.com/application/poi/display?id=76&type=vulnerabiliti&flashstatus=true
- http://www.kb.cert.org/vuls/id/116182
- http://www.openpkg.org/security/OpenPKG-SA-2004.006-uudeview.html
- http://www.osvdb.org/4119
- http://www.securityfocus.com/bid/9758
- http://www.winzip.com/fmwz90.htm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15336
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15490