{"vuid":"VU#383779","idnumber":"383779","name":"ZIP archives containing files with large filenames can cause buffer overflows","keywords":["Lotus Notes","PKZIP","PowerArchiver","PowerZip","TurboZip","Microsoft Windows","buffer overflow","shell decompression routine","long filename","arbitrary code execution"],"overview":"Multiple file decompression utilities contain buffer overflow vulnerabilities for which the impacts vary.","clean_desc":"Researchers at Rapid7, Inc. have discovered that multiple file decompression utilities are susceptible to buffer overflows as a result of large filenames embedded in crafted ZIP archive files. When affected users attempt to decompress these ZIP files, the buffer overflow may result in execution of arbitrary code.","impact":"The impact of this vulnerability may vary depending upon the product and its execution environment. Typically, successful exploitation of a buffer overflow will allow the attacker to execute arbitrary code with the privileges of the user running the application.","resolution":"Apply a patch The vendor section of this document lists vendors who have been notified of this issue and their responses.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported to the CERT/CC by Rapid7, Inc.","author":"This document was written by Jeffrey P. Lanza.","public":["h","t","t","p",":","/","/","w","w","w",".","r","a","p","i","d","7",".","c","o","m","/","a","d","v","i","s","o","r","i","e","s","/","R","7","-","0","0","0","4",".","t","x","t"],"cveids":["CVE-2002-0370"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-06-17T18:07:37Z","publicdate":"2002-10-02T00:00:00Z","datefirstpublished":"2002-10-02T20:06:41Z","dateupdated":"2003-01-06T21:54:41Z","revision":22,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"1","cam_exploitation":"10","cam_internetinfrastructure":"5","cam_population":"20","cam_impact":"15","cam_easeofexploitation":"15","cam_attackeraccessrequired":"15","cam_scorecurrent":"20.25","cam_scorecurrentwidelyknown":"44.296875","cam_scorecurrentwidelyknownexploited":"56.953125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":20.25,"vulnote":null}