Description
Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.
References (28)
Core 28
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/420274/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1011944
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22737
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/19906
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2057
Various Sources x_refsource_misc
http://www.networksecurity.fi/advisories/lotus-notes.html
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109894226007607&w=2
Various Sources x_refsource_misc
http://www.networksecurity.fi/advisories/payroll.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19451
Vendor Advisory x_refsource_misc
http://www.networksecurity.fi/advisories/dtsearch.html
Various Sources x_refsource_misc
http://www.networksecurity.fi/advisories/mcafee-virusscan.html
Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11555
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17394
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17879
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/429361/100/0/threaded
Various Sources x_refsource_misc
http://www.networksecurity.fi/advisories/multiledger.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/445369/100/0/threaded
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/582498
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1012297
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1176
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1016817
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18194
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/653
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/296
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17096
Various Sources x_refsource_confirm
http://service.real.com/help/faq/security/041026_player/EN/
Various Sources x_refsource_misc
http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html
Scores
EPSS
0.4447
EPSS Percentile
97.6%
Details
Status
published
Products (24)
checkmark/checkmark_payroll
3.7.5
checkmark/checkmark_payroll
3.9.1
checkmark/checkmark_payroll
3.9.2
checkmark/checkmark_payroll
3.9.3
checkmark/checkmark_payroll
3.9.4
checkmark/checkmark_payroll
3.9.5
checkmark/checkmark_payroll
< 3.9.6
checkmark/multiledger
6.0.3
checkmark/multiledger
6.0.5
checkmark/multiledger
7.0.0
... and 14 more
Published
Jan 10, 2005
Tracked Since
Feb 18, 2026