National Vulnerability Database (NVD) National Vulnerability Database (CVE-2004-1094)

National Cyber-Alert System

Vulnerability Summary for CVE-2004-1094

Original release date:01/10/2005

Last revised:09/10/2008

Source: US-CERT/NIST

Overview

Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#582498

Name: VU#582498

Type: Advisory

Hyperlink:http://www.kb.cert.org/vuls/id/582498

External Source: BUGTRAQ

Name: 20041027 High Risk Vulnerability in RealPlayer

Type: Advisory; Patch Information

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=109894226007607&w=2

External Source: XF

Name: payroll-dunzip32-bo(22737)

Hyperlink:http://xforce.iss.net/xforce/xfdb/22737

External Source: XF

Name: realplayer-dunzip32-bo(17879)

Type: Advisory

Hyperlink:http://xforce.iss.net/xforce/xfdb/17879

External Source: BID

Name: 11555

Type: Advisory

Hyperlink:http://www.securityfocus.com/bid/11555

External Source: BUGTRAQ

Name: 20060906 IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/445369/100/0/threaded

External Source: BUGTRAQ

Name: 20060330 McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/429361/100/0/threaded

External Source: BUGTRAQ

Name: 20051223 dtSearch DUNZIP32.dll Buffer Overflow Vulnerability

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/420274/100/0/threaded

External Source: MISC

Name: http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html

Hyperlink:http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html

External Source: OSVDB

Name: 19906

Hyperlink:http://www.osvdb.org/19906

External Source: MISC

Name: http://www.networksecurity.fi/advisories/payroll.html

Hyperlink:http://www.networksecurity.fi/advisories/payroll.html

External Source: MISC

Name: http://www.networksecurity.fi/advisories/multiledger.html

Hyperlink:http://www.networksecurity.fi/advisories/multiledger.html

External Source: MISC

Name: http://www.networksecurity.fi/advisories/mcafee-virusscan.html

Hyperlink:http://www.networksecurity.fi/advisories/mcafee-virusscan.html

External Source: MISC

Name: http://www.networksecurity.fi/advisories/lotus-notes.html

Hyperlink:http://www.networksecurity.fi/advisories/lotus-notes.html

External Source: MISC

Name: http://www.networksecurity.fi/advisories/dtsearch.html

Type: Advisory

Hyperlink:http://www.networksecurity.fi/advisories/dtsearch.html

External Source: VUPEN

Name: ADV-2006-1176

Hyperlink:http://www.frsirt.com/english/advisories/2006/1176

External Source: VUPEN

Name: ADV-2005-2057

Type: Advisory

Hyperlink:http://www.frsirt.com/english/advisories/2005/2057

External Source: CONFIRM

Name: http://service.real.com/help/faq/security/041026_player/EN/

Hyperlink:http://service.real.com/help/faq/security/041026_player/EN/

External Source: SECTRACK

Name: 1016817

Hyperlink:http://securitytracker.com/id?1016817

External Source: SECTRACK

Name: 1012297

Hyperlink:http://securitytracker.com/id?1012297

External Source: SECTRACK

Name: 1011944

Hyperlink:http://securitytracker.com/id?1011944

External Source: SECUNIA

Name: 19451

Hyperlink:http://secunia.com/advisories/19451

External Source: SECUNIA

Name: 18194

Type: Advisory

Hyperlink:http://secunia.com/advisories/18194

External Source: SECUNIA

Name: 17394

Type: Advisory

Hyperlink:http://secunia.com/advisories/17394

External Source: SECUNIA

Name: 17096

Type: Advisory

Hyperlink:http://secunia.com/advisories/17096

External Source: BUGTRAQ

Name: 20041027 High Risk Vulnerability in RealPlayer

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=109894226007607&w=2

External Source: BUGTRAQ

Name: 20041027 High Risk Vulnerability in RealPlayer

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=109894226007607&w=2

External Source: BUGTRAQ

Name: 20041027 EEYE: RealPlayer Zipped Skin File Buffer Overflow

Hyperlink:http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html

External Source: SREASON

Name: 653

Hyperlink:http://securityreason.com/securityalert/653

External Source: SREASON

Name: 296

Hyperlink:http://securityreason.com/securityalert/296

Vulnerable software and versions

Configuration 1

* cpe:/a:checkmark:checkmark_payroll:3.7.5

* cpe:/a:checkmark:checkmark_payroll:3.9.1

* cpe:/a:checkmark:checkmark_payroll:3.9.2

* cpe:/a:checkmark:checkmark_payroll:3.9.3

* cpe:/a:checkmark:checkmark_payroll:3.9.4

* cpe:/a:checkmark:checkmark_payroll:3.9.5

* cpe:/a:checkmark:multiledger:6.0.3

* cpe:/a:checkmark:multiledger:6.0.5

* cpe:/a:checkmark:multiledger:7.0.0

* cpe:/a:innermedia:dynazip_library:5.00.00

* cpe:/a:innermedia:dynazip_library:5.00.01

* cpe:/a:innermedia:dynazip_library:5.00.02

* cpe:/a:innermedia:dynazip_library:5.00.03

* cpe:/a:realnetworks:realone_player:1.0

* cpe:/a:realnetworks:realone_player:2.0

* cpe:/a:realnetworks:realplayer:10.0

* cpe:/a:realnetworks:realplayer:10.0_6.0.12.690

* cpe:/a:realnetworks:realplayer:10.0_beta

* cpe:/a:realnetworks:realplayer:10.5

* cpe:/a:realnetworks:realplayer:10.5_6.0.12.1016_beta

* cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040

* cpe:/a:realnetworks:realplayer:10.5_6.0.12.1053

* cpe:/a:checkmark:checkmark_payroll:3.9.6 and previous versions

* cpe:/a:checkmark:multiledger:7.0.1 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1094