CVE Vulnerabilities

CVE-2004-1094

Published: Jan 10, 2005 | Modified: Oct 19, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.

Affected Software

Name Vendor Start Version End Version
Checkmark_payroll Checkmark 3.7.5 3.7.5
Checkmark_payroll Checkmark 3.9.1 3.9.1
Checkmark_payroll Checkmark 3.9.2 3.9.2
Checkmark_payroll Checkmark 3.9.3 3.9.3
Checkmark_payroll Checkmark 3.9.4 3.9.4
Checkmark_payroll Checkmark 3.9.5 3.9.5
Checkmark_payroll Checkmark * 3.9.6
Multiledger Checkmark 6.0.3 6.0.3
Multiledger Checkmark 6.0.5 6.0.5
Multiledger Checkmark 7.0.0 7.0.0
Multiledger Checkmark * 7.0.1
Dynazip_library Innermedia 5.00.00 5.00.00
Dynazip_library Innermedia 5.00.01 5.00.01
Dynazip_library Innermedia 5.00.02 5.00.02
Dynazip_library Innermedia 5.00.03 5.00.03
Realone_player Realnetworks 1.0 1.0
Realone_player Realnetworks 2.0 2.0
Realplayer Realnetworks 10.0 10.0
Realplayer Realnetworks 10.0_6.0.12.690 10.0_6.0.12.690
Realplayer Realnetworks 10.0_beta 10.0_beta
Realplayer Realnetworks 10.5 10.5
Realplayer Realnetworks 10.5_6.0.12.1016_beta 10.5_6.0.12.1016_beta
Realplayer Realnetworks 10.5_6.0.12.1040 10.5_6.0.12.1040
Realplayer Realnetworks 10.5_6.0.12.1053 10.5_6.0.12.1053

References