Vulnerability Description
Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Allume Systems Division | Stuffit Expander | 6.5.2 |
| IBM | Lotus Notes | <= 4.5 |
| Verity | KeyView Viewing SDK | gold |
| WinZip | WinZip | 7.0 |
| Microsoft | Windows 98 Plus Pack | All versions |
| Microsoft | Windows Me | All versions |
| Microsoft | Windows XP | All versions |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html
- http://marc.info/?l=bugtraq&m=103428193409223&w=2
- http://securityreason.com/securityalert/587
- http://www.info-zip.org/FAQ.html
- http://www.info.apple.com/usen/security/security_updates.html
- http://www.iss.net/security_center/static/10251.php (Vendor Advisory)
- http://www.kb.cert.org/vuls/id/383779 (Third Party Advisory, US Government Resource)
- http://www.securityfocus.com/bid/5873 (Patch, Vendor Advisory)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-05
FAQ
What is CVE-2002-0370?
CVE-2002-0370 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, includi...
How severe is CVE-2002-0370?
CVE-2002-0370 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-0370?
Check the references section above for vendor advisories and patch information. Affected products include: Allume Systems Division Stuffit Expander, IBM Lotus Notes, Verity KeyView Viewing SDK, WinZip WinZip, Microsoft Windows 98 Plus Pack.