English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2004-1094
Description:Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.
Test IDs: 1.3.6.1.4.1.25623.1.0.15789  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2004-1094
BugTraq ID: 11555
http://www.securityfocus.com/bid/11555
Bugtraq: 20041027 EEYE: RealPlayer Zipped Skin File Buffer Overflow (Google Search)
http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html
Bugtraq: 20041027 High Risk Vulnerability in RealPlayer (Google Search)
http://marc.info/?l=bugtraq&m=109894226007607&w=2
Bugtraq: 20051223 dtSearch DUNZIP32.dll Buffer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/420274/100/0/threaded
Bugtraq: 20060330 McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/429361/100/0/threaded
Bugtraq: 20060906 IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/445369/100/0/threaded
CERT/CC vulnerability note: VU#582498
http://www.kb.cert.org/vuls/id/582498
http://www.networksecurity.fi/advisories/dtsearch.html
http://www.networksecurity.fi/advisories/lotus-notes.html
http://www.networksecurity.fi/advisories/mcafee-virusscan.html
http://www.networksecurity.fi/advisories/multiledger.html
http://www.networksecurity.fi/advisories/payroll.html
http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html
http://www.osvdb.org/19906
http://securitytracker.com/id?1011944
http://securitytracker.com/id?1012297
http://securitytracker.com/id?1016817
http://secunia.com/advisories/17096
http://secunia.com/advisories/17394
http://secunia.com/advisories/18194
http://secunia.com/advisories/19451
http://securityreason.com/securityalert/296
http://securityreason.com/securityalert/653
http://www.vupen.com/english/advisories/2005/2057
http://www.vupen.com/english/advisories/2006/1176
XForce ISS Database: payroll-dunzip32-bo(22737)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22737
XForce ISS Database: realplayer-dunzip32-bo(17879)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17879



© 1998-2025 E-Soft Inc. All rights reserved.