CVE-2002-0370

NONE EPSS 98.6%
Published Oct 10, 200223y ago · Modified Jun 16, 20262w ago
Find Similar
Published Oct 10, 2002 23y ago
Last Modified Jun 16, 2026 2w ago

Description

Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.

Threat Intelligence

EPSS Exploit Probability
98.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 20

VendorProductVersionRange
allume_systems_divisionstuffit_expander6.5.2any
ibmlotus_notes* ≤4.5
ibmlotus_notes5.0any
ibmlotus_notes5.0.1any
ibmlotus_notes5.0.2any
ibmlotus_notes5.0.3any
ibmlotus_notes5.0.4any
ibmlotus_notes5.0.5any
ibmlotus_notes5.0.9aany
ibmlotus_notes5.0.10any
ibmlotus_notes5.0.11any
ibmlotus_notesr5any
ibmlotus_notesr6any
veritykeyview_viewing_sdkgoldany
winzipwinzip7.0any
microsoftwindows_98_plus_pack*any
microsoftwindows_me*any
microsoftwindows_xp*any
microsoftwindows_xp*any
microsoftwindows_xp*any

References 9

  • archives.neohapsis.com http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html
  • marc.info http://marc.info/?l=bugtraq&m=103428193409223&w=2
  • securityreason.com http://securityreason.com/securityalert/587
  • info-zip.org http://www.info-zip.org/FAQ.html
  • info.apple.com http://www.info.apple.com/usen/security/security_updates.html
  • iss.net http://www.iss.net/security_center/static/10251.php
    Vendor Advisory
  • kb.cert.org http://www.kb.cert.org/vuls/id/383779
    Third Party AdvisoryUS Government Resource
  • securityfocus.com http://www.securityfocus.com/bid/5873
    PatchVendor Advisory
  • docs.microsoft.com https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054

Remediation