Description
Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.
Product(s):
- Allume Systems Division Stuffit Expander 6.5.2
- IBM Lotus Notes
- IBM Lotus Notes 0.2
- IBM Lotus Notes 3.0.0.1
- IBM Lotus Notes 3.0.0.2
- IBM Lotus Notes 3.0
- IBM Lotus Notes 4.2.1
- IBM Lotus Notes 4.2.2
- IBM Lotus Notes 4.2
- IBM Lotus Notes 4.5
- IBM Lotus Notes 5.0.10
- IBM Lotus Notes 5.0.11
- IBM Lotus Notes 5.0.1
- IBM Lotus Notes 5.0.2
- IBM Lotus Notes 5.0.3
- IBM Lotus Notes 5.0.4
- IBM Lotus Notes 5.0.5
- IBM Lotus Notes 5.0.9a
- IBM Lotus Notes 5.0
- IBM Lotus Notes R5
- IBM Lotus Notes R6
- Microsoft Windows 98 Plus Pack
- Verity KeyView Viewing SDK Gold
- WinZip 7.0
- Microsoft Windows ME
- Microsoft windows me_gold
- Microsoft Windows Millenium Edition SCD
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Gold Professional
- Microsoft Windows XP SP1 Home
- Microsoft Windows XP (gold) Home Edition
- Microsoft Windows XP Professional Gold
- Microsoft Windows XP Service Pack 1 Home Edition
- Microsoft Windows XP Service Pack 2 Home Edition
- Microsoft Windows XP Service Pack 3 Home Edition
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2002-0370, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2002-0370 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.