Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0575 — Microsoft Windows 2003 Server vulnerability

5 documents4 sources

Severity

10.0CRITICALNVD

EPSS

72.4%

top 1.23%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows 2003 Server

Timeline

PublishedNov 3

Latest updateApr 29

Description

Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windows_2003_server64-bit, r2+1

🔴Vulnerability Details

GHSA

GHSA-w8hg-7c82-p34g: Integer overflow in DUNZIP32↗2022-04-29

▶

CVEList

CVE-2004-0575: Integer overflow in DUNZIP32↗2004-10-16

▶

💥Exploits & PoCs

Exploit-DB

GetRight 5.2a - '.grs' Skin File Buffer Overflow↗2004-12-06

▶

Exploit-DB

Microsoft Windows - Compressed Zipped Folders (MS04-034)↗2004-11-19

▶