CVE-2004-0333

UUDeview <8.1 - RCE

Title source: llm

Description

Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by snooq · clocalwindows

https://www.exploit-db.com/exploits/272

View Code ZIP pw:eip

References (11)

[Various Sources] http://www.winzip.com/fmwz90.htm

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15490

[Third Party Advisory, VDB Entry] http://www.osvdb.org/4119

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/9758

[Third Party Advisory] http://secunia.com/advisories/10995

[Third Party Advisory, US Government Resource] http://www.ciac.org/ciac/bulletins/o-092.shtml

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/116182

[Various Sources] http://www.openpkg.org/security/OpenPKG-SA-2004.006-uudeview.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15336

[Various Sources] http://www.idefense.com/application/poi/display?id=76&type=vulnerabiliti&flashstatus=true

[Third Party Advisory] http://secunia.com/advisories/11019

Scores

EPSS 0.6535

EPSS Percentile 98.5%

Details

Status published

Products (7)

gentoo/linux 1.4 (4 CPE variants)

openpkg/openpkg

uudeview/uudeview 0.5.18

uudeview/uudeview 0.5.19

winzip/winzip 7.0

winzip/winzip 8.0

winzip/winzip 8.1 (2 CPE variants)

Published Nov 23, 2004

Tracked Since Feb 18, 2026