SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2004-0575

Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

SECTRACK-1011637

http://marc.info/?l=ntbugtraq&m=109767342326300&w=2

MS04-034

P-010

VU#649374

http://www.eeye.com/html/research/advisories/AD20041012A.html

oval:org.mitre.oval:def:1053

oval:org.mitre.oval:def:3913

oval:org.mitre.oval:def:4276

oval:org.mitre.oval:def:6397

win-compressed-folders-bo(17624)

win-ms04034-patch(17659)


30479



423868



250039



909



195882



282