Vulnerabilities > CVE-2004-1465 - Unspecified vulnerability in Winzip

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
winzip
nessus
exploit available

Summary

Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line.

Vulnerable Configurations

Part Description Count
Application
Winzip
5

Exploit-Db

descriptionWinZIP <= 8.1 Command Line Local Buffer Overflow Exploit. CVE-2004-1465. Local exploit for windows platform
idEDB-ID:1034
last seen2016-01-31
modified2005-06-07
published2005-06-07
reporterATmaCA
sourcehttps://www.exploit-db.com/download/1034/
titleWinZIP <= 8.1 Command Line Local Buffer Overflow Exploit

Nessus

NASL familyWindows
NASL idWINZIP_OVERFLOWS.NASL
descriptionThe remote host is using a version of WinZip that is prior to 9.0-SR1. It is, therefore, affected by several buffer overflow flaws that can allow an attacker to execute arbitrary code on the host by convincing a user to open a malformed archive file.
last seen2020-06-01
modified2020-06-02
plugin id17362
published2005-03-18
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/17362
titleWinZip <= 9.0 Multiple Unspecified Overflows
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(17362);
  script_version("1.18");
  script_cvs_date("Date: 2018/11/15 20:50:29");

  script_cve_id("CVE-2004-1465");
  script_bugtraq_id(11092);

  script_name(english:"WinZip <= 9.0 Multiple Unspecified Overflows");
  script_summary(english:"Checks the version of WinZip.");

  script_set_attribute(attribute:'synopsis', value:
"The remote host has an application that is affected by multiple buffer
overflow vulnerabilities.");
  script_set_attribute(attribute:'description', value:
"The remote host is using a version of WinZip that is prior to 9.0-SR1.
It is, therefore, affected by several buffer overflow flaws that can
allow an attacker to execute arbitrary code on the host by convincing
a user to open a malformed archive file.");
  script_set_attribute(attribute:'solution', value:"Upgrade to WinZip 9.0-SR1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:'see_also', value:"https://www.winzip.com/wz90sr1.htm");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:winzip:winzip");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
  script_family(english:"Windows");

  script_dependencies("winzip_installed.nbin");
  script_require_keys("SMB/Registry/Enumerated", "installed_sw/WinZip");
  script_require_ports(139, 445);
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

app = "WinZip";

install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);
ver      = install['version'];
path     = install['path'];
disp_ver = install['display_version'];

port = get_kb_item('SMB/transport');
if (!port) port = 445;

# Version 9.0.0 SR-1 is version 18.0.6224.0
if ( ver_compare(ver:ver, fix:'18.0.6224.0', strict:FALSE) == -1 )
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + disp_ver +
      '\n  Fixed version     : 9.0-SR1' +
      '\n';
    security_note(port:port, extra:report);
  }
  else security_note(port:port);
}
else audit(AUDIT_INST_PATH_NOT_VULN, app, disp_ver, path);