CVE-2002-0370

Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/5873	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/383779	Third Party Advisory US Government Resource
http://www.iss.net/security_center/static/10251.php	Vendor Advisory
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html
http://www.info.apple.com/usen/security/security_updates.html
http://securityreason.com/securityalert/587
http://www.info-zip.org/FAQ.html
http://marc.info/?l=bugtraq&m=103428193409223&w=2
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:lotus_notes:5.0.10:::::::*
	cpe:2.3:a:ibm:lotus_notes:5.0.11:::::::*
	cpe:2.3:a:ibm:lotus_notes:r6:::::::*
	cpe:2.3:a:verity:keyview_viewing_sdk:gold:::::::*
	cpe:2.3:a:ibm:lotus_notes:5.0.2:::::::*
	cpe:2.3:a:ibm:lotus_notes:5.0.3:::::::*
	cpe:2.3:a:winzip:winzip:7.0:::::::*
	cpe:2.3:a:ibm:lotus_notes::::::::
	cpe:2.3:a:allume_systems_division:stuffit_expander:6.5.2:::::::*
	cpe:2.3:a:ibm:lotus_notes:5.0.4:::::::*
	cpe:2.3:a:ibm:lotus_notes:5.0.5:::::::*
	cpe:2.3:a:ibm:lotus_notes:5.0.1:::::::*
	cpe:2.3:a:ibm:lotus_notes:r5:::::::*
	cpe:2.3:a:ibm:lotus_notes:5.0:::::::*
	cpe:2.3:a:ibm:lotus_notes:5.0.9a:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:microsoft:windows_xp::sp1:home:::::
	cpe:2.3:a:microsoft:windows_98_plus_pack::::::::
	cpe:2.3:o:microsoft:windows_me::::::::
	cpe:2.3:o:microsoft:windows_xp:::home:::::*
	cpe:2.3:o:microsoft:windows_xp::gold:professional:::::

Information

Published : 2002-10-09 21:00

Updated : 2018-10-12 14:31

NVD link : CVE-2002-0370

Mitre link : CVE-2002-0370

JSON object : View

CWE

NVD-CWE-Other

Products Affected

ibm

lotus_notes

winzip

winzip

verity

keyview_viewing_sdk

allume_systems_division

stuffit_expander

microsoft

windows_xp
windows_98_plus_pack
windows_me

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/5873", "name": "5873", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.kb.cert.org/vuls/id/383779", "name": "VU#383779", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.iss.net/security_center/static/10251.php", "name": "win-zip-decompression-bo(10251)", "tags": ["Vendor Advisory"], "refsource": "XF"}, {"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html", "name": "20021002 R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues", "tags": [], "refsource": "VULNWATCH"}, {"url": "http://www.info.apple.com/usen/security/security_updates.html", "name": "http://www.info.apple.com/usen/security/security_updates.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://securityreason.com/securityalert/587", "name": "587", "tags": [], "refsource": "SREASON"}, {"url": "http://www.info-zip.org/FAQ.html", "name": "http://www.info-zip.org/FAQ.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://marc.info/?l=bugtraq&m=103428193409223&w=2", "name": "20021002 R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054", "name": "MS02-054", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-0370", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2002-10-10T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:5.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:5.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:r6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:verity:keyview_viewing_sdk:gold:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:5.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:5.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:winzip:winzip:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.5"}, {"cpe23Uri": "cpe:2.3:a:allume_systems_division:stuffit_expander:6.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:5.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:5.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:r5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:5.0.9a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:windows_98_plus_pack:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-12T21:31Z"}

7.5 /10