CyberSec.Space Logo
CVEブラウザに戻る

CVE-2004-1010

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1190%
EPSS Percentile2.99th
Published2005年3月1日
Last Modified2026年4月16日

Vulnerability Description

Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname.

Affected Platforms (CPE)

📦
Info Zip

Zip

= 2.3

References & Advisories

🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028379.html
🔗 http://marc.info/?l=bugtraq&m=109958840611053&w=2
🔗 http://secunia.com/advisories/13094/
🔗 http://security.gentoo.org/glsa/glsa-200411-16.xml
🔗 http://www.ciac.org/ciac/bulletins/p-072.shtml
🔗 http://www.debian.org/security/2005/dsa-624
🔗 http://www.hexview.com/docs/20041103-1.txt
🔗 http://www.info-zip.org/FAQ.html

関連する脆弱性情報

CVE-2004-125410.0

WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file wit...

CVE-2004-109410.0

Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary c...

CVE-2004-057510.0

Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003...

CVE-2005-051910.0

ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arbitrary files by uploading a ZIP file containing a shortcut (...