CVE-2004-0333
Published 2004-11-23
Priority: P349 · critical · 10 (CVSS 2.0)
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 24.23% (97.6th percentile)
Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | uudeview | < uudeview 0.5.20 (bookworm) | uudeview 0.5.20 (bookworm) |
| gentoo | linux | — | — |
| uudeview | uudeview | — | — |
| uudeview | uudeview | — | — |
| uudeview | uudeview | >= 0 < 0.5.20 | 0.5.20 |
| uudeview | uudeview | >= 0 < 0.5.20 | 0.5.20 |
| uudeview | uudeview | >= 0 < 0.5.20 | 0.5.20 |
| uudeview | uudeview | >= 0 < 0.5.20 | 0.5.20 |
| winzip | winzip | — | — |
| winzip | winzip | — | — |
| winzip | winzip | — | — |
Detection & IOCs (extracted from sources)
bytes
\x55\x8b\xec\x33\xf6\x56\x68\x2e\x65\x78\x65\x68\x65\x70\x61\x64\x68\x90\x6e\x6f\x74\x46\x56\x8d\x7d\xf1\x57
- Look for UUE/MIME archive files with anomalously long MIME boundary or parameter strings (>268 bytes) in the Content-Type header, consistent with heap overflow triggering.
- Detect MIME multipart archives where the 'boundary=' parameter in the Content-Type header is padded to ~1024 bytes, which is the exploit buffer size used in the PoC.
- The exploit overwrites the per-thread top SEH pointer at 0x7ffddffe to redirect execution; monitor for SEH chain corruption at this address on Windows XP SP1 and Windows 2000 SP1 targets.
- The heap overflow exploit uses a controlled 'index' value of 0xfffffff5 (-11) placed at offset 268 within the buffer to manipulate ECX/EDI via heap unlink primitives; flag .uue files containing this DWORD pattern.
- Shellcode in the PoC spawns notepad.exe via WinExec; look for WinZip32 process spawning unexpected child processes (e.g., notepad.exe) after opening a .uue file.
- Affected versions are WinZip 6.2 through WinZip 8.1 SR-1; the underlying vulnerable component is the UUDeview package, which may also be present in other software.
- Debian resolved this vulnerability in UUDeview version 0.5.20 across all tracked branches (bookworm, bullseye, forky, sid, trixie).
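The length checks from the first two detection notes above, as an added example (not part of the original page or of any vendor rule): it scans raw bytes for Content-Type headers anywhere in a file, joins folded continuation lines, and reports every parameter whose value exceeds 268 bytes. The function names and both sample messages are constructed for illustration.

```python
import re

# Threshold taken from the detection note above (parameter strings > 268 bytes).
MAX_PARAM_LEN = 268

# ;name=value where value is a quoted string or a run of non-';' bytes.
_PARAM = re.compile(rb';\s*([^\s=;]+)\s*=\s*("(?:\\.|[^"\\])*"|[^;]*)')

def content_type_headers(data: bytes):
    """Yield each Content-Type header value with folded continuation lines joined."""
    current = None
    for line in data.splitlines():
        if current is not None and line[:1] in (b" ", b"\t"):
            current += line            # continuation of the folded header
            continue
        if current is not None:
            yield current
            current = None
        if line[:13].lower() == b"content-type:":
            current = line[13:].strip()
    if current is not None:
        yield current

def long_mime_params(data: bytes, limit: int = MAX_PARAM_LEN):
    """Return (parameter name, value length) for values longer than limit bytes."""
    hits = []
    for header in content_type_headers(data):
        for name, value in _PARAM.findall(header):
            value = value.strip()
            if len(value) >= 2 and value[:1] == b'"' and value[-1:] == b'"':
                value = value[1:-1]    # measure the value without its quotes
            if len(value) > limit:
                hits.append((name.decode("ascii", "replace").lower(), len(value)))
    return hits

# Constructed samples: an ordinary multipart header, and one whose folded
# boundary parameter is padded to 1024 bytes as described in the notes above.
BENIGN = (b"MIME-Version: 1.0\r\n"
          b'Content-Type: multipart/mixed; boundary="----=_Part_0001"\r\n\r\n')
SUSPECT = (b"MIME-Version: 1.0\r\n"
           b"Content-Type: multipart/mixed;\r\n"
           b' boundary="' + b"A" * 1024 + b'"\r\n\r\n')

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, long_mime_params(sample))
```

Headers are matched anywhere in the input rather than only in the first header block, so per-part Content-Type lines inside a multipart body are checked as well.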
CVSS provenance
nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
osv · 10.0 · CRITICAL
vendor_debian · 10.0 · MEDIUM
Debian
CVE-2004-0333: uudeview - Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8....
vendor_debian·2004·CVSS 10.0
CVE-2004-0333 [CRITICAL] CVE-2004-0333: uudeview - Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8....
Scope: local
bookworm: resolved (fixed in 0.5.20)
bullseye: resolved (fixed in 0.5.20)
forky: resolved (fixed in 0.5.20)
sid: resolved (fixed in 0.5.20)
trixie: resolved (fixed in 0.5.20)
GHSA
GHSA-hfvp-w94h-cf79: Buffer overflow in the UUDeview package, as used in WinZip 6
ghsa_unreviewed·2022-04-29
CVE-2004-0333 [HIGH] GHSA-hfvp-w94h-cf79: Buffer overflow in the UUDeview package, as used in WinZip 6
OSV
CVE-2004-0333: Buffer overflow in the UUDeview package, as used in WinZip 6
osv·2004-11-23·CVSS 10.0
CVE-2004-0333 [CRITICAL] CVE-2004-0333: Buffer overflow in the UUDeview package, as used in WinZip 6
No detection rules found.
No writeups or analysis indexed.
References
- http://secunia.com/advisories/10995
- http://secunia.com/advisories/11019
- http://www.ciac.org/ciac/bulletins/o-092.shtml
- http://www.idefense.com/application/poi/display?id=76&type=vulnerabiliti&flashstatus=true
- http://www.kb.cert.org/vuls/id/116182
- http://www.openpkg.org/security/OpenPKG-SA-2004.006-uudeview.html
- http://www.osvdb.org/4119
- http://www.securityfocus.com/bid/9758
- http://www.winzip.com/fmwz90.htm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15336
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15490