Vulnerability Description
Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openpkg | Openpkg | All versions |
| Uudeview | Uudeview | 0.5.18 |
| Winzip | Winzip | 7.0 |
| Gentoo | Linux | 1.4 |
References
- http://secunia.com/advisories/10995
- http://secunia.com/advisories/11019
- http://www.ciac.org/ciac/bulletins/o-092.shtml
- http://www.idefense.com/application/poi/display?id=76&type=vulnerabiliti&flashst
- http://www.kb.cert.org/vuls/id/116182Third Party AdvisoryUS Government Resource
- http://www.openpkg.org/security/OpenPKG-SA-2004.006-uudeview.html
- http://www.osvdb.org/4119
- http://www.securityfocus.com/bid/9758ExploitPatchVendor Advisory
- http://www.winzip.com/fmwz90.htm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15336
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15490
- http://secunia.com/advisories/10995
- http://secunia.com/advisories/11019
- http://www.ciac.org/ciac/bulletins/o-092.shtml
- http://www.idefense.com/application/poi/display?id=76&type=vulnerabiliti&flashst
FAQ
What is CVE-2004-0333?
CVE-2004-0333 is a vulnerability with a CVSS score of 10.0 (HIGH). Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain l...
How severe is CVE-2004-0333?
CVE-2004-0333 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0333?
Check the references section above for vendor advisories and patch information. Affected products include: Openpkg Openpkg, Uudeview Uudeview, Winzip Winzip, Gentoo Linux.