Vulnerabilities > CVE-2004-0575 - Unspecified vulnerability in Microsoft Windows 2003 Server and Windows XP

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
microsoft
critical
nessus
exploit available
NVD
Published: 2004-11-03
Updated: 2018-10-12

Summary

Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.

Vulnerable Configurations

Part Description Count
OS
Microsoft
4

Exploit-Db

  • descriptionMS Windows Compressed Zipped Folders Exploit (MS04-034). CVE-2004-0575. Remote exploit for windows platform
    idEDB-ID:640
    last seen2016-01-31
    modified2004-11-19
    published2004-11-19
    reportertarako
    sourcehttps://www.exploit-db.com/download/640/
    titleMicrosoft Windows - Compressed Zipped Folders Exploit MS04-034
  • descriptionGetRight. CVE-2004-0575. Dos exploit for windows platform
    idEDB-ID:677
    last seen2016-01-31
    modified2004-12-06
    published2004-12-06
    reporterATmaCA
    sourcehttps://www.exploit-db.com/download/677/
    titleGetRight <= 5.2a - Skin File .grs Buffer Overflow Exploit

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS04-034.NASL
descriptionThe remote version of Windows is vulnerable to a bug in the way it handles compressed (zipped) folders, that could in turn be exploited by an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to send a specially crafted .zip file to a victim on the remote host and wait for him to browse the file using the Windows Explorer.
last seen2020-06-01
modified2020-06-02
plugin id15459
published2004-10-12
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/15459
titleMS04-034: Vulnerability in zipped folders may allow code execution (873376)

Oval

  • accepted2011-10-24T04:00:04.404-04:00
    classvulnerability
    contributors
    • nameDavid Proulx
      organizationThe MITRE Corporation
    • nameJonathan Baker
      organizationThe MITRE Corporation
    • nameMatthew Wojcik
      organizationThe MITRE Corporation
    • nameShane Shaffer
      organizationG2, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionInteger overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
    familywindows
    idoval:org.mitre.oval:def:1053
    statusaccepted
    submitted2004-10-14T12:00:00.000-04:00
    titleWindows XP (32-Bit) DUNZIP Integer Overflow
    version74
  • accepted2011-10-24T04:00:08.561-04:00
    classvulnerability
    contributors
    • nameDavid Proulx
      organizationThe MITRE Corporation
    • nameJonathan Baker
      organizationThe MITRE Corporation
    • nameMatthew Wojcik
      organizationThe MITRE Corporation
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionInteger overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
    familywindows
    idoval:org.mitre.oval:def:3913
    statusaccepted
    submitted2004-10-14T12:00:00.000-04:00
    titleWindows Server 2003 (32-Bit) DUNZIP Integer Overflow
    version68
  • accepted2011-10-24T04:00:09.580-04:00
    classvulnerability
    contributors
    • nameDavid Proulx
      organizationThe MITRE Corporation
    • nameJonathan Baker
      organizationThe MITRE Corporation
    • nameMatthew Wojcik
      organizationThe MITRE Corporation
    • nameDragos Prisaca
      organizationGideon Technologies, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionInteger overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
    familywindows
    idoval:org.mitre.oval:def:4276
    statusaccepted
    submitted2004-10-14T12:00:00.000-04:00
    titleWindows Server 2003 (64-Bit) DUNZIP Integer Overflow
    version43
  • accepted2011-10-24T04:00:25.999-04:00
    classvulnerability
    contributors
    • nameDavid Proulx
      organizationThe MITRE Corporation
    • nameJonathan Baker
      organizationThe MITRE Corporation
    • nameMatthew Wojcik
      organizationThe MITRE Corporation
    • nameDragos Prisaca
      organizationGideon Technologies, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionInteger overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
    familywindows
    idoval:org.mitre.oval:def:6397
    statusaccepted
    submitted2004-10-14T12:00:00.000-04:00
    titleWindows XP (64-Bit) DUNZIP Integer Overflow
    version48

Saint

bid11382
descriptionWindows compressed folders buffer overflow
idwin_patch_zipfolder
osvdb10695
titlewindows_compressed_folders
typeclient

References