NVD Vulnerability Detail

CVE-2004-1094

Summary	Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.
Publication Date	Jan. 10, 2005, 2 p.m.
Registration Date	Jan. 29, 2021, 6 p.m.
Last Update	Oct. 20, 2018, 12:30 a.m.

CVSS2.0 : HIGH
Score	10.0
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	はい
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:checkmark:checkmark_payroll:3.7.5:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.1:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.2:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.3:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.4:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.5:::::::*
cpe:2.3:a:checkmark:checkmark_payroll::::::::		3.9.6
cpe:2.3:a:checkmark:multiledger:6.0.3:::::::*
cpe:2.3:a:checkmark:multiledger:6.0.5:::::::*
cpe:2.3:a:checkmark:multiledger:7.0.0:::::::*
cpe:2.3:a:checkmark:multiledger::::::::		7.0.1
cpe:2.3:a:innermedia:dynazip_library:5.00.00:::::::*
cpe:2.3:a:innermedia:dynazip_library:5.00.01:::::::*
cpe:2.3:a:innermedia:dynazip_library:5.00.02:::::::*
cpe:2.3:a:innermedia:dynazip_library:5.00.03:::::::*
cpe:2.3:a:realnetworks:realone_player:1.0:::::::*
cpe:2.3:a:realnetworks:realone_player:2.0:::::::*
cpe:2.3:a:realnetworks:realplayer:10.0:::::::*
cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:::::::*
cpe:2.3:a:realnetworks:realplayer:10.0_beta:::::::*
cpe:2.3:a:realnetworks:realplayer:10.5:::::::*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016_beta:::::::*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:::::::*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html	BUGTRAQ
2	http://marc.info/?l=bugtraq&m=109894226007607&w=2	BUGTRAQ
3	http://secunia.com/advisories/17096	SECUNIA	Vendor Advisory
4	http://secunia.com/advisories/17394	SECUNIA	Vendor Advisory
5	http://secunia.com/advisories/18194	SECUNIA	Vendor Advisory
6	http://secunia.com/advisories/19451	SECUNIA
7	http://securityreason.com/securityalert/296	SREASON
8	http://securityreason.com/securityalert/653	SREASON
9	http://securitytracker.com/id?1011944	SECTRACK
10	http://securitytracker.com/id?1012297	SECTRACK
11	http://securitytracker.com/id?1016817	SECTRACK
12	http://service.real.com/help/faq/security/041026_player/EN/	CONFIRM
13	http://www.kb.cert.org/vuls/id/582498	CERT-VN	Third Party Advisory US Government Resource
14	http://www.networksecurity.fi/advisories/dtsearch.html	MISC	Vendor Advisory
15	http://www.networksecurity.fi/advisories/lotus-notes.html	MISC
16	http://www.networksecurity.fi/advisories/mcafee-virusscan.html	MISC
17	http://www.networksecurity.fi/advisories/multiledger.html	MISC
18	http://www.networksecurity.fi/advisories/payroll.html	MISC
19	http://www.osvdb.org/19906	OSVDB
20	http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html	MISC
21	http://www.securityfocus.com/archive/1/420274/100/0/threaded	BUGTRAQ
22	http://www.securityfocus.com/archive/1/429361/100/0/threaded	BUGTRAQ
23	http://www.securityfocus.com/archive/1/445369/100/0/threaded	BUGTRAQ
24	http://www.securityfocus.com/bid/11555	BID	Vendor Advisory
25	http://www.vupen.com/english/advisories/2005/2057	VUPEN
26	http://www.vupen.com/english/advisories/2006/1176	VUPEN
27	https://exchange.xforce.ibmcloud.com/vulnerabilities/17879	XF
28	https://exchange.xforce.ibmcloud.com/vulnerabilities/22737	XF

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:checkmark:checkmark_payroll:3.7.5:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.1:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.2:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.3:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.4:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.5:::::::*
cpe:2.3:a:checkmark:checkmark_payroll::::::::		3.9.6
cpe:2.3:a:checkmark:multiledger:6.0.3:::::::*
cpe:2.3:a:checkmark:multiledger:6.0.5:::::::*
cpe:2.3:a:checkmark:multiledger:7.0.0:::::::*
cpe:2.3:a:checkmark:multiledger::::::::		7.0.1
cpe:2.3:a:innermedia:dynazip_library:5.00.00:::::::*
cpe:2.3:a:innermedia:dynazip_library:5.00.01:::::::*
cpe:2.3:a:innermedia:dynazip_library:5.00.02:::::::*
cpe:2.3:a:innermedia:dynazip_library:5.00.03:::::::*
cpe:2.3:a:realnetworks:realone_player:1.0:::::::*
cpe:2.3:a:realnetworks:realone_player:2.0:::::::*
cpe:2.3:a:realnetworks:realplayer:10.0:::::::*
cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:::::::*
cpe:2.3:a:realnetworks:realplayer:10.0_beta:::::::*
cpe:2.3:a:realnetworks:realplayer:10.5:::::::*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016_beta:::::::*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:::::::*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:::::::*