Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and previous versions allows remote malicious users to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and previous versions, (3) CheckMark MultiLedger prior to 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and previous versions, (6) IBM Lotus Notes prior to 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
realnetworks realplayer 10.0 |
||
checkmark multiledger 6.0.3 |
||
realnetworks realplayer 10.5 6.0.12.1016 beta |
||
realnetworks realone player 2.0 |
||
realnetworks realplayer 10.0 beta |
||
realnetworks realplayer 10.5 6.0.12.1053 |
||
checkmark checkmark payroll |
||
checkmark multiledger |
||
innermedia dynazip library 5.00.00 |
||
checkmark checkmark payroll 3.9.5 |
||
checkmark checkmark payroll 3.9.1 |
||
innermedia dynazip library 5.00.01 |
||
checkmark checkmark payroll 3.7.5 |
||
realnetworks realone player 1.0 |
||
realnetworks realplayer 10.0 6.0.12.690 |
||
innermedia dynazip library 5.00.03 |
||
checkmark checkmark payroll 3.9.4 |
||
checkmark checkmark payroll 3.9.3 |
||
realnetworks realplayer 10.5 |
||
checkmark checkmark payroll 3.9.2 |
||
realnetworks realplayer 10.5 6.0.12.1040 |
||
checkmark multiledger 6.0.5 |
||
innermedia dynazip library 5.00.02 |
||
checkmark multiledger 7.0.0 |
Vulmon