CVE-2004-0575

Windows XP and Windows Server 2003 - Remote Code Execution via Compressed Folder Integer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-0575. PoCs published by ATmaCA, tarako.

AI-analyzed exploit summary The writeup describes a buffer overflow vulnerability in GetRight's DUNZIP32.DLL (4.0.0.3) triggered by a malicious skin file (*.grs). The exploit involves a crafted skin file that, when loaded, executes arbitrary code due to the overflow.

Description

Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.

Exploits (2)

exploitdb WRITEUP VERIFIED
by ATmaCA · textdoswindows
https://www.exploit-db.com/exploits/677

The writeup describes a buffer overflow vulnerability in GetRight's DUNZIP32.DLL (4.0.0.3) triggered by a malicious skin file (*.grs). The exploit involves a crafted skin file that, when loaded, executes arbitrary code due to the overflow.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: GetRight 5.2a and prior
No auth needed
Prerequisites: Target user must load the malicious skin file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by tarako · cremotewindows
https://www.exploit-db.com/exploits/640

This exploit targets CVE-2004-0575, a vulnerability in Microsoft Windows' handling of compressed (zipped) folders. It crafts a malicious ZIP file with a long filename containing shellcode and a URL, triggering a buffer overflow when the file is opened in Windows Explorer.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Windows XP SP0 (and other versions affected by MS04-034)
No auth needed
Prerequisites: Victim must open the malicious ZIP file in Windows Explorer
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1011637
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3913
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=ntbugtraq&m=109767342326300&w=2
Vendor Advisory third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/p-010.shtml
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4276
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1053
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/649374
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17624
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17659
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6397

Scores

EPSS 0.7244
EPSS Percentile 98.8%

Details

Status published
Products (3)
microsoft/windows_2003_server 64-bit
microsoft/windows_2003_server r2
microsoft/windows_xp (2 CPE variants)
Published Nov 03, 2004
Tracked Since Feb 18, 2026