CVE-2002-0370

high Microsoft
CVSS v3 Base Score
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Score
30.2%
Exploitation probability in 30 days
Top 3% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P
Published: October 10, 2002 (8617 days ago)
Last Modified: April 16, 2026
Vendor: Microsoft
Source: NVD

Description

Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.

CWE

NVD-CWE-Other

Affected Products

allume systems division stuffit expanderibm lotus notesverity keyview viewing sdkwinzip winzipmicrosoft windows 98 plus packmicrosoft windows memicrosoft windows xp

References

🔗 archives.neohapsis.com 🔗 marc.info 🔗 securityreason.com 🔗 www.info-zip.org 🔗 www.info.apple.com