NVD脆弱性詳細

CVE-2004-1094

概要	Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.
公表日	2005年1月10日14:00
登録日	2021年1月29日18:00
最終更新日	2018年10月20日0:30

CVSS2.0 : HIGH
スコア	10.0
ベクター	AV:N/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
全ての特権を取得	はい
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:checkmark:checkmark_payroll:3.7.5:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.1:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.2:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.3:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.4:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.5:::::::*
cpe:2.3:a:checkmark:checkmark_payroll::::::::		3.9.6
cpe:2.3:a:checkmark:multiledger:6.0.3:::::::*
cpe:2.3:a:checkmark:multiledger:6.0.5:::::::*
cpe:2.3:a:checkmark:multiledger:7.0.0:::::::*
cpe:2.3:a:checkmark:multiledger::::::::		7.0.1
cpe:2.3:a:innermedia:dynazip_library:5.00.00:::::::*
cpe:2.3:a:innermedia:dynazip_library:5.00.01:::::::*
cpe:2.3:a:innermedia:dynazip_library:5.00.02:::::::*
cpe:2.3:a:innermedia:dynazip_library:5.00.03:::::::*
cpe:2.3:a:realnetworks:realone_player:1.0:::::::*
cpe:2.3:a:realnetworks:realone_player:2.0:::::::*
cpe:2.3:a:realnetworks:realplayer:10.0:::::::*
cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:::::::*
cpe:2.3:a:realnetworks:realplayer:10.0_beta:::::::*
cpe:2.3:a:realnetworks:realplayer:10.5:::::::*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016_beta:::::::*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:::::::*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html	BUGTRAQ
2	http://marc.info/?l=bugtraq&m=109894226007607&w=2	BUGTRAQ
3	http://secunia.com/advisories/17096	SECUNIA	Vendor Advisory
4	http://secunia.com/advisories/17394	SECUNIA	Vendor Advisory
5	http://secunia.com/advisories/18194	SECUNIA	Vendor Advisory
6	http://secunia.com/advisories/19451	SECUNIA
7	http://securityreason.com/securityalert/296	SREASON
8	http://securityreason.com/securityalert/653	SREASON
9	http://securitytracker.com/id?1011944	SECTRACK
10	http://securitytracker.com/id?1012297	SECTRACK
11	http://securitytracker.com/id?1016817	SECTRACK
12	http://service.real.com/help/faq/security/041026_player/EN/	CONFIRM
13	http://www.kb.cert.org/vuls/id/582498	CERT-VN	Third Party Advisory US Government Resource
14	http://www.networksecurity.fi/advisories/dtsearch.html	MISC	Vendor Advisory
15	http://www.networksecurity.fi/advisories/lotus-notes.html	MISC
16	http://www.networksecurity.fi/advisories/mcafee-virusscan.html	MISC
17	http://www.networksecurity.fi/advisories/multiledger.html	MISC
18	http://www.networksecurity.fi/advisories/payroll.html	MISC
19	http://www.osvdb.org/19906	OSVDB
20	http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html	MISC
21	http://www.securityfocus.com/archive/1/420274/100/0/threaded	BUGTRAQ
22	http://www.securityfocus.com/archive/1/429361/100/0/threaded	BUGTRAQ
23	http://www.securityfocus.com/archive/1/445369/100/0/threaded	BUGTRAQ
24	http://www.securityfocus.com/bid/11555	BID	Vendor Advisory
25	http://www.vupen.com/english/advisories/2005/2057	VUPEN
26	http://www.vupen.com/english/advisories/2006/1176	VUPEN
27	https://exchange.xforce.ibmcloud.com/vulnerabilities/17879	XF
28	https://exchange.xforce.ibmcloud.com/vulnerabilities/22737	XF

共通脆弱性一覧

構成1	以上	以下	より上	未満
cpe:2.3:a:checkmark:checkmark_payroll:3.7.5:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.1:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.2:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.3:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.4:::::::*
cpe:2.3:a:checkmark:checkmark_payroll:3.9.5:::::::*
cpe:2.3:a:checkmark:checkmark_payroll::::::::		3.9.6
cpe:2.3:a:checkmark:multiledger:6.0.3:::::::*
cpe:2.3:a:checkmark:multiledger:6.0.5:::::::*
cpe:2.3:a:checkmark:multiledger:7.0.0:::::::*
cpe:2.3:a:checkmark:multiledger::::::::		7.0.1
cpe:2.3:a:innermedia:dynazip_library:5.00.00:::::::*
cpe:2.3:a:innermedia:dynazip_library:5.00.01:::::::*
cpe:2.3:a:innermedia:dynazip_library:5.00.02:::::::*
cpe:2.3:a:innermedia:dynazip_library:5.00.03:::::::*
cpe:2.3:a:realnetworks:realone_player:1.0:::::::*
cpe:2.3:a:realnetworks:realone_player:2.0:::::::*
cpe:2.3:a:realnetworks:realplayer:10.0:::::::*
cpe:2.3:a:realnetworks:realplayer:10.0_6.0.12.690:::::::*
cpe:2.3:a:realnetworks:realplayer:10.0_beta:::::::*
cpe:2.3:a:realnetworks:realplayer:10.5:::::::*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1016_beta:::::::*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1040:::::::*
cpe:2.3:a:realnetworks:realplayer:10.5_6.0.12.1053:::::::*