Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0333

6 documents6 sources
Severity
10.0CRITICAL
EPSS
65.4%
top 1.51%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Gentoo LinuxUudeview UudeviewWinzip Winzip
Timeline
PublishedNov 23
Latest updateApr 29

Description

Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

NVDwinzip/winzip7.0, 8.0, 8.1+2
Debianuudeview< 0.5.20+3
NVDuudeview/uudeview0.5.18, 0.5.19+1
NVDgentoo/linux1.4

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-hfvp-w94h-cf79: Buffer overflow in the UUDeview package, as used in WinZip 62022-04-29
OSV
CVE-2004-0333: Buffer overflow in the UUDeview package, as used in WinZip 62004-11-23
CVEList
CVE-2004-0333: Buffer overflow in the UUDeview package, as used in WinZip 62004-03-18

💥Exploits & PoCs

1
Exploit-DB
WinZip - MIME Parsing Overflow2004-04-15

📋Vendor Advisories

1
Debian
CVE-2004-0333: uudeview - Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8....2004
CVE-2004-0333 (CRITICAL CVSS 10) | Buffer overflow in the UUDeview pac | cvebase.io