CVE-2004-1465 - OpenCVE

Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Winzip	Winzip

Configuration 1 [-]

OR	cpe:2.3:a:winzip:winzip:7.0:::::::*
	cpe:2.3:a:winzip:winzip:8.0:::::::*
	cpe:2.3:a:winzip:winzip:8.1:::::::*
	cpe:2.3:a:winzip:winzip:8.1:sr1::::::
	cpe:2.3:a:winzip:winzip:9.0:::::::*

References

Link	Resource
http://marc.info/?l=bugtraq&m=109416099301369&w=2
http://securitytracker.com/id?1011132	Patch
http://www.ciac.org/ciac/bulletins/o-211.shtml	Vendor Advisory
http://www.securityfocus.com/bid/11092	Patch
http://www.winzip.com/wz90sr1.htm	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/17192
https://exchange.xforce.ibmcloud.com/vulnerabilities/17197

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-02-13T05:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-02-13T00:00:00

Link: CVE-2004-1465

JSON object: View

NVD Information

Status : Modified

Published: 2004-12-31T05:00:00.000

Modified: 2017-07-11T01:31:03.417

Link: CVE-2004-1465

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-09-01T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20040901 WinZip Unspecified Buffer Overflows May Let Remote or Local Users Execute Arbitrary Code", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=109416099301369&w=2"}, {"name": "winzip-command-line-bo(17197)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17197"}, {"name": "11092", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/11092"}, {"name": "winzip-code-execution(17192)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17192"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.winzip.com/wz90sr1.htm"}, {"name": "1011132", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1011132"}, {"name": "O-211", "tags": ["third-party-advisory", "government-resource", "x_refsource_CIAC"], "url": "http://www.ciac.org/ciac/bulletins/o-211.shtml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1465", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20040901 WinZip Unspecified Buffer Overflows May Let Remote or Local Users Execute Arbitrary Code", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=109416099301369&w=2"}, {"name": "winzip-command-line-bo(17197)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17197"}, {"name": "11092", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11092"}, {"name": "winzip-code-execution(17192)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17192"}, {"name": "http://www.winzip.com/wz90sr1.htm", "refsource": "CONFIRM", "url": "http://www.winzip.com/wz90sr1.htm"}, {"name": "1011132", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1011132"}, {"name": "O-211", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/o-211.shtml"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1465", "datePublished": "2005-02-13T05:00:00", "dateReserved": "2005-02-13T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:winzip:winzip:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "A2ACBE01-B77A-4D09-8FB3-D6365786C44F", "vulnerable": true}, {"criteria": "cpe:2.3:a:winzip:winzip:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "FDE7DCD6-90B3-4259-9BE6-B9F7A30A64AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:winzip:winzip:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "4088C545-249E-47AD-8BF8-A6A2E5B2BF18", "vulnerable": true}, {"criteria": "cpe:2.3:a:winzip:winzip:8.1:sr1:*:*:*:*:*:*", "matchCriteriaId": "3533CE02-6CC0-4E64-B604-BAA131042C7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:winzip:winzip:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "523ADB29-C3D5-4C06-89B6-22B5FC68C240", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line."}], "id": "CVE-2004-1465", "lastModified": "2017-07-11T01:31:03.417", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2004-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=109416099301369&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://securitytracker.com/id?1011132"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ciac.org/ciac/bulletins/o-211.shtml"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/11092"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.winzip.com/wz90sr1.htm"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17192"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17197"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}