CVE-2002-0370
Summary
| CVE | CVE-2002-0370 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2002-10-10 04:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0. |
Risk And Classification
Primary CVSS: v2.0 7.5 from [email protected]
AV:N/AC:L/Au:N/C:P/I:P/A:P
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Allume Systems Division | Stuffit Expander | 6.5.2 | All | All | All |
| Application | Ibm | Lotus Notes | 5.0 | All | All | All |
| Application | Ibm | Lotus Notes | 5.0.1 | All | All | All |
| Application | Ibm | Lotus Notes | 5.0.10 | All | All | All |
| Application | Ibm | Lotus Notes | 5.0.11 | All | All | All |
| Application | Ibm | Lotus Notes | 5.0.2 | All | All | All |
| Application | Ibm | Lotus Notes | 5.0.3 | All | All | All |
| Application | Ibm | Lotus Notes | 5.0.4 | All | All | All |
| Application | Ibm | Lotus Notes | 5.0.5 | All | All | All |
| Application | Ibm | Lotus Notes | 5.0.9a | All | All | All |
| Application | Ibm | Lotus Notes | r5 | All | All | All |
| Application | Ibm | Lotus Notes | r6 | All | All | All |
| Application | Ibm | Lotus Notes | All | All | All | All |
| Application | Microsoft | Windows 98 Plus Pack | All | All | All | All |
| Operating System | Microsoft | Windows Me | All | All | All | All |
| Operating System | Microsoft | Windows Xp | All | All | home | All |
| Operating System | Microsoft | Windows Xp | All | gold | professional | All |
| Operating System | Microsoft | Windows Xp | All | sp1 | home | All |
| Application | Verity | Keyview Viewing Sdk | gold | All | All | All |
| Application | Winzip | Winzip | 7.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CERT/CC Vulnerability Note VU#383779 | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | Third Party Advisory, US Government Resource |
| SecurityReason | af854a3a-2127-422b-91ae-364da2661108 | securityreason.com | |
| ISS X-Force Database: win-zip-decompression-bo (10251): Windows zipped file decompression buffer overflow | af854a3a-2127-422b-91ae-364da2661108 | www.iss.net | Vendor Advisory |
| Multiple Vendor ZIP Files Long Filename Buffer Overflow Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Patch, Vendor Advisory |
| Apple Computer Product Security Incident Response | af854a3a-2127-422b-91ae-364da2661108 | www.info.apple.com | |
| Microsoft Security Bulletin MS02-054 - Important | Microsoft Docs | af854a3a-2127-422b-91ae-364da2661108 | docs.microsoft.com | |
| Info-ZIP Frequently Asked Questions | af854a3a-2127-422b-91ae-364da2661108 | www.info-zip.org | |
| Neohapsis Archives - VulnWatch - [VulnWatch] R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues - From advisory_at_rapid7.com | af854a3a-2127-422b-91ae-364da2661108 | archives.neohapsis.com | |
| 'R7-0004: Multiple Vendor Long ZIP Entry Filename Processing' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.