MidnightBSD

Advisories for checkmark

CVE-2004-1094 HIGH

Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer 10.5
checkmark checkmark_payroll 3.9.1
realnetworks realplayer 10.0_6.0.12.690
checkmark multiledger 6.0.5
realnetworks realone_player 2.0
checkmark multiledger 6.0.3
realnetworks realplayer 10.0
innermedia dynazip_library 5.00.02
realnetworks realplayer 10.5_6.0.12.1053
checkmark checkmark_payroll 3.9.4
innermedia dynazip_library 5.00.03
realnetworks realone_player 1.0
realnetworks realplayer 10.5_6.0.12.1016_beta
innermedia dynazip_library 5.00.01
innermedia dynazip_library 5.00.00
checkmark checkmark_payroll 3.7.5
realnetworks realplayer 10.5_6.0.12.1040
realnetworks realplayer 10.0_beta
checkmark multiledger 7.0.0
checkmark checkmark_payroll 3.9.5
checkmark multiledger *
checkmark checkmark_payroll *
checkmark checkmark_payroll 3.9.2
checkmark checkmark_payroll 3.9.3