CVE-2002-0370 — Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Lotus Notes

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

30.2%

top 3.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Lotus Notes Allume Systems Division Stuffit Expander Verity Keyview Viewing SDK +1 more

Timeline

PublishedOct 10

Latest updateApr 30

Description

Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶NVDibm/lotus_notes4.5+11

▶NVDverity/keyview_viewing_sdkgold

▶NVDallume_systems_division/stuffit_expander6.5.2

▶NVDwinzip/winzip7.0

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-xq75-p73c-3q2p: Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP fil↗2022-04-30

▶

CVEList

CVE-2002-0370: Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP fil↗2002-10-05

▶