Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| winzip | winzip | 8.0 |
| openpkg | openpkg | * |
| uudeview | uudeview | 0.5.19 |
| winzip | winzip | 8.1 |
| winzip | winzip | 7.0 |
| uudeview | uudeview | 0.5.18 |
| gentoo | linux | 1.4 |
UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| uudeview | uudeview | 0.5.19 |
| uudeview | uudeview | 0.5.18 |