CVE-2007-0264 - Vulnerability Details - OpenCVE

Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames, as in the case of a file upload application. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Winzip	Winzip

Configuration 1 [-]

cpe:2.3:a:winzip:winzip:9.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/39800
http://www.securityfocus.com/bid/22020

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-16T23:00:00

Updated: 2024-08-07T12:12:17.417Z

Reserved: 2007-01-16T00:00:00

Link: CVE-2007-0264

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-01-16T23:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0264

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-12T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames, as in the case of a file upload application. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-04-28T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "22020", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22020"}, {"name": "39800", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/39800"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0264", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames, as in the case of a file upload application. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "22020", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22020"}, {"name": "39800", "refsource": "OSVDB", "url": "http://osvdb.org/39800"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:12:17.417Z"}, "title": "CVE Program Container", "references": [{"name": "22020", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22020"}, {"name": "39800", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/39800"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0264", "datePublished": "2007-01-16T23:00:00", "dateReserved": "2007-01-16T00:00:00", "dateUpdated": "2024-08-07T12:12:17.417Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:winzip:winzip:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "523ADB29-C3D5-4C06-89B6-22B5FC68C240", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames, as in the case of a file upload application. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en el archivo Winzip32.exe en WinZip versi\u00f3n 9.0, permite a los usuarios locales causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario por medio de un argumento largo de l\u00ednea de comando. NOTA: este problema puede cruzar los l\u00edmites de privilegios si una aplicaci\u00f3n invoca autom\u00e1ticamente el archivo Winzip32.exe para nombres de archivos de entrada no confiables, como en el caso de una aplicaci\u00f3n de carga de archivos. NOTA: La procedencia de esta informaci\u00f3n es desconocida; los detalles son obtenidos \u00fanicamente a partir de informaci\u00f3n de tercero"}], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nWinZip, WinZip, 9.0 SR1", "id": "CVE-2007-0264", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 2.7, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-16T23:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/39800"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22020"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/39800"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22020"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}