CVE-2004-1094

Name of the Vulnerable Software and Affected Versions: DUNZIP32.dll versions 5.00.03 and earlier RealPlayer versions 10 through 10.5 (6.0.12.1053) RealOne Player versions 1 and 2 CheckMark Software Payroll 2004/2005 versions 3.9.6 and earlier CheckMark MultiLedger versions prior to 7.0.2 dtSearch versions 6.x and 7.x McAfee VirusScan versions 10 Build 10.0.21 and earlier IBM Lotus Notes versions prior to 6.5.5

Description: A buffer overflow issue allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename. This issue affects various products, including those from RealPlayer, CheckMark Software, dtSearch, McAfee, and IBM Lotus Notes.

Recommendations: For DUNZIP32.dll version 5.00.03 and earlier, update to a version later than 5.00.03. For RealPlayer versions 10 through 10.5 (6.0.12.1053), update to a version later than 10.5 (6.0.12.1053). For RealOne Player versions 1 and 2, update to a version later than 2. For CheckMark Software Payroll 2004/2005 versions 3.9.6 and earlier, update to a version later than 3.9.6. For CheckMark MultiLedger versions prior to 7.0.2, update to version 7.0.2 or later. For dtSearch versions 6.x and 7.x, update to a version later than 7.x. For McAfee VirusScan versions 10 Build 10.0.21 and earlier, update to a version later than 10 Build 10.0.21. For IBM Lotus Notes versions prior to 6.5.5, update to version 6.5.5 or later.