Vulnerability Name:

CVE-2004-1094 (CCN-17879)

Assigned:2004-10-27
Published:2004-10-27
Updated:2018-10-19
Summary:Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products.
Note: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Wed Oct 27 2004 - 01:43:04 CDT
High Risk Vulnerability in RealPlayer

Source: CCN
Type: BugTraq Mailing List, Thu Mar 30 2006 - 06:59:03 CST
McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20041027 EEYE: RealPlayer Zipped Skin File Buffer Overflow

Source: CCN
Type: Full-Disclosure Mailing List, Wed Oct 27 2004 - 15:40:22 CDT
EEYE: RealPlayer Zipped Skin File Buffer Overflow

Source: CCN
Type: Full-Disclosure Mailing List, Wed Sep 06 2006 - 14:42:41 CDT
IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability

Source: MITRE
Type: CNA
CVE-2004-1094

Source: BUGTRAQ
Type: UNKNOWN
20041027 High Risk Vulnerability in RealPlayer

Source: CCN
Type: SA17096
CheckMark Payroll DUNZIP32.dll Buffer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
17096

Source: CCN
Type: SA17394
CheckMark MultiLedger DUNZIP32.dll Buffer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
17394

Source: CCN
Type: SA18194
dtSearch DUNZIP32.dll Buffer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
18194

Source: CCN
Type: SA19451
McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
19451

Source: SREASON
Type: UNKNOWN
296

Source: SREASON
Type: UNKNOWN
653

Source: CCN
Type: SECTRACK ID: 1011944
RealPlayer Skin File Buffer Overflow May Let Remote Users Run Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1011944

Source: CCN
Type: SECTRACK ID: 1012297
DynaZip Buffer Overflow in Processing Long Filenames May Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1012297

Source: CCN
Type: SECTRACK ID: 1016817
IBM Lotus Notes Buffer Overflow in `DUNZIP32.dll` Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1016817

Source: CONFIRM
Type: UNKNOWN
http://service.real.com/help/faq/security/041026_player/EN/

Source: CCN
Type: IBM Lotus Notes Web page
IBM Software - IBM Lotus Notes home page

Source: CCN
Type: CheckMark Software, Inc. Web site
CheckMark Software, Inc. - Payroll for Windows and Macintosh

Source: CCN
Type: CIAC Information Bulletin P-023
RealPlayer Vulnerability

Source: CCN
Type: GetRight Web site
GetRight Download Manager: Resume Downloads, Schedule Downloads, Faster Downloads

Source: CCN
Type: Headlight Software, Inc. Web site
Changes in GetRight 5.2x:

Source: CCN
Type: US-CERT VU#582498
InnerMedia DynaZip library vulnerable to buffer overflow via long file names

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#582498

Source: CCN
Type: Networksecurity.fi Security Advisory (21-12-2005)
dtSearch DUNZIP32.dll buffer overflow vulnerability

Source: MISC
Type: Vendor Advisory
http://www.networksecurity.fi/advisories/dtsearch.html

Source: MISC
Type: UNKNOWN
http://www.networksecurity.fi/advisories/lotus-notes.html

Source: MISC
Type: UNKNOWN
http://www.networksecurity.fi/advisories/mcafee-virusscan.html

Source: CCN
Type: Networksecurity.fi Security Advisory (28-10-2005)
CheckMark MultiLedger DUNZIP32.dll buffer overflow vulnerability

Source: MISC
Type: UNKNOWN
http://www.networksecurity.fi/advisories/multiledger.html

Source: CCN
Type: Networksecurity.fi Security Advisory (10-10-2005)
CheckMark Payroll DUNZIP32.dll buffer overflow vulnerability

Source: MISC
Type: UNKNOWN
http://www.networksecurity.fi/advisories/payroll.html

Source: OSVDB
Type: UNKNOWN
19906

Source: CCN
Type: OSVDB ID: 19906
InnerMedia DynaZip DUNZIP32.dll Filename Overflow

Source: MISC
Type: UNKNOWN
http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html

Source: BUGTRAQ
Type: UNKNOWN
20051223 dtSearch DUNZIP32.dll Buffer Overflow Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20060330 McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20060906 IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability

Source: BID
Type: Vendor Advisory
11555

Source: CCN
Type: BID-11555
InnerMedia DynaZip Remote Stack Based Buffer Overflow Vulnerability

Source: CCN
Type: BID-11836
Headlight Software GetRight DUNZIP32.dll Remote Buffer Overflow Vulnerability

Source: CCN
Type: RealNetworks, Inc. Releases Update October 26, 2004
RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.

Source: VUPEN
Type: UNKNOWN
ADV-2005-2057

Source: VUPEN
Type: UNKNOWN
ADV-2006-1176

Source: XF
Type: UNKNOWN
dynazip-dunzip32-bo(17879)

Source: XF
Type: UNKNOWN
realplayer-dunzip32-bo(17879)

Source: XF
Type: UNKNOWN
payroll-dunzip32-bo(22737)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:checkmark:checkmark_payroll:3.7.5:*:*:*:*:*:*:*
  • OR cpe:/a:checkmark:checkmark_payroll:3.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:checkmark:checkmark_payroll:3.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:checkmark:checkmark_payroll:3.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:checkmark:checkmark_payroll:3.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:checkmark:checkmark_payroll:3.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:checkmark:checkmark_payroll:*:*:*:*:*:*:*:* (Version <= 3.9.6)
  • OR cpe:/a:checkmark:multiledger:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:checkmark:multiledger:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:checkmark:multiledger:7.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:checkmark:multiledger:*:*:*:*:*:*:*:* (Version <= 7.0.1)
  • OR cpe:/a:innermedia:dynazip_library:5.00.00:*:*:*:*:*:*:*
  • OR cpe:/a:innermedia:dynazip_library:5.00.01:*:*:*:*:*:*:*
  • OR cpe:/a:innermedia:dynazip_library:5.00.02:*:*:*:*:*:*:*
  • OR cpe:/a:innermedia:dynazip_library:5.00.03:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0_6.0.12.690:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.0_beta:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.5_6.0.12.1016_beta:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040:*:*:*:*:*:*:*
  • OR cpe:/a:realnetworks:realplayer:10.5_6.0.12.1053:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mcafee:virusscan:*:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    checkmark checkmark payroll 3.7.5
    checkmark checkmark payroll 3.9.1
    checkmark checkmark payroll 3.9.2
    checkmark checkmark payroll 3.9.3
    checkmark checkmark payroll 3.9.4
    checkmark checkmark payroll 3.9.5
    checkmark checkmark payroll *
    checkmark multiledger 6.0.3
    checkmark multiledger 6.0.5
    checkmark multiledger 7.0.0
    checkmark multiledger *
    innermedia dynazip library 5.00.00
    innermedia dynazip library 5.00.01
    innermedia dynazip library 5.00.02
    innermedia dynazip library 5.00.03
    realnetworks realone player 1.0
    realnetworks realone player 2.0
    realnetworks realplayer 10.0
    realnetworks realplayer 10.0_6.0.12.690
    realnetworks realplayer 10.0_beta
    realnetworks realplayer 10.5
    realnetworks realplayer 10.5_6.0.12.1016_beta
    realnetworks realplayer 10.5_6.0.12.1040
    realnetworks realplayer 10.5_6.0.12.1053
    mcafee virusscan *
    ibm lotus notes 6.5.4