CVEブラウザに戻る

CVE-2004-0575

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0410%

EPSS Percentile41.66th

Published2004年11月3日

Last Modified2026年4月16日

Vulnerability Description

Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.

Affected Platforms (CPE)

💻

Microsoft

Windows 2003 Server

= 64-bit

💻

Microsoft

Windows 2003 Server

= r2

💻

Microsoft

Windows Xp

All versions

💻

Microsoft

Windows Xp

All versions

References & Advisories

🔗 http://marc.info/?l=ntbugtraq&m=109767342326300&w=2

🔗 http://securitytracker.com/id?1011637

🔗 http://www.ciac.org/ciac/bulletins/p-010.shtml

🔗 http://www.eeye.com/html/research/advisories/AD20041012A.html

🔗 http://www.kb.cert.org/vuls/id/649374

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-034

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/17624

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/17659

関連する脆弱性情報

CVE-2004-042010.0

The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows ...

CVE-2004-020110.0

Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Serve...

CVE-2003-114210.0

Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users t...

CVE-2004-020910.0

Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 al...