CVE-2010-5300

Jzip <2.0.0.132900 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-5300. PoCs published by motaz reda, mr_me.

AI-analyzed exploit summary This exploit generates a malformed ZIP file to trigger a SEH-based Unicode buffer overflow in jZip v2.0.0.132900, leading to a denial-of-service (DoS) condition. The payload consists of a large buffer of 'A's followed by controlled SEH/NSEH values.

Description

Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name in a zip archive.

Exploits (2)

exploitdb WORKING POC VERIFIED

by motaz reda · pythondoswindows

https://www.exploit-db.com/exploits/32899

View Code ZIP pw:eip

This exploit generates a malformed ZIP file to trigger a SEH-based Unicode buffer overflow in jZip v2.0.0.132900, leading to a denial-of-service (DoS) condition. The payload consists of a large buffer of 'A's followed by controlled SEH/NSEH values.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: jZip v2.0.0.132900

No auth needed

Prerequisites: Victim must open the malformed ZIP file

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by mr_me · phpdoswindows

https://www.exploit-db.com/exploits/12081

View Code ZIP pw:eip

This PHP script generates a malicious ZIP file exploiting a Unicode buffer overflow in Jzip v1.3. It crafts a ZIP file with a long filename to trigger the vulnerability, though exploitation is hindered by SafeSEH and Unicode limitations.