nvd-json-data-feeds/CVE-2007/CVE-2007-02xx/CVE-2007-0264.json

{
  "id": "CVE-2007-0264",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2007-01-16T23:28:00.000",
  "lastModified": "2008-11-15T06:39:35.627",
  "vulnStatus": "Modified",
  "cveTags": [],
  "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nWinZip, WinZip, 9.0 SR1",
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument.  NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames, as in the case of a file upload application.  NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en el archivo Winzip32.exe en WinZip versi\u00f3n 9.0, permite a los usuarios locales causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario por medio de un argumento largo de l\u00ednea de comando. NOTA: este problema puede cruzar los l\u00edmites de privilegios si una aplicaci\u00f3n invoca autom\u00e1ticamente el archivo Winzip32.exe para nombres de archivos de entrada no confiables, como en el caso de una aplicaci\u00f3n de carga de archivos. NOTA: La procedencia de esta informaci\u00f3n es desconocida; los detalles son obtenidos \u00fanicamente a partir de informaci\u00f3n de tercero"
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
          "accessVector": "LOCAL",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.6
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 2.7,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": true,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:winzip:winzip:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "523ADB29-C3D5-4C06-89B6-22B5FC68C240"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://osvdb.org/39800",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securityfocus.com/bid/22020",
      "source": "cve@mitre.org"
    }
  ]
}