Buffer Overflow in ZIP Capability for Microsoft Windows and Other Products
CVE-2002-0370

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Notes; Winzip; Stuffit Expander; Keyview Viewing Sdk
Vendor: CVE Published:; 10 October 2002

Summary

A buffer overflow vulnerability exists in the ZIP processing functionality of multiple products, allowing remote attackers to exploit the handling of ZIP files with excessively long filenames. This could lead to a denial of service or the potential execution of arbitrary code on affected systems, including various versions of Microsoft Windows and other applications like Lotus Notes and Stuffit Expander. Proper validation and handling mechanisms within the affected software are crucial to mitigate the risks associated with this vulnerability.

References

http://www.info.apple.com/usen/security/security_updates....

x_refsource_CONFIRM

http://www.info-zip.org/FAQ.html

x_refsource_CONFIRM

http://www.iss.net/security_center/static/10251.php

vdb-entryx_refsource_XF

EPSS Score

30% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 10, 2002
Vulnerability Reserved
May 8, 2002