CVE-2002-0370

critical

Description

Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054

http://www.securityfocus.com/bid/5873

http://www.kb.cert.org/vuls/id/383779

http://www.iss.net/security_center/static/10251.php

http://www.info.apple.com/usen/security/security_updates.html

http://www.info-zip.org/FAQ.html

http://securityreason.com/securityalert/587

http://marc.info/?l=bugtraq&m=103428193409223&w=2

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html

Details

Source: Mitre, NVD

Published: 2002-10-10

Updated: 2024-11-20

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical