ID CVE-2004-1936 Type cve Reporter cve@mitre.org Modified 2017-07-11T01:31:00
Description
ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote attackers to bypass e-mail protection via attachments whose names contain certain non-English characters.
{"osvdb": [{"lastseen": "2017-04-28T13:20:00", "bulletinFamily": "software", "cvelist": ["CVE-2004-1936"], "edition": 1, "description": "## Vulnerability Description\nZone Alarm contains a flaw in Email Protection that may allow a malicious user to bypass email attachement filename filter. The issue is triggered when foreign characters or parens is used in filenames (c - \u00e8, s - \u00b9, z - \u00be). The attachement will not be qurarantined. It is possible that the flaw may allow a remote attacker to bypass ZoneAlarm and send arbitrary malwares in email attachemnt, resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 5.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nZone Alarm contains a flaw in Email Protection that may allow a malicious user to bypass email attachement filename filter. The issue is triggered when foreign characters or parens is used in filenames (c - \u00e8, s - \u00b9, z - \u00be). The attachement will not be qurarantined. It is possible that the flaw may allow a remote attacker to bypass ZoneAlarm and send arbitrary malwares in email attachemnt, resulting in a loss of integrity.\n## References:\n[Related OSVDB ID: 5930](https://vulners.com/osvdb/OSVDB:5930)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-04/0158.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-04/0168.html\nISS X-Force ID: 15884\n[CVE-2004-1936](https://vulners.com/cve/CVE-2004-1936)\nBugtraq ID: 10148\n", "modified": "2004-04-14T00:00:00", "published": "2004-04-14T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:5929", "id": "OSVDB:5929", "type": "osvdb", "title": "ZoneAlarm Special Character Filename Bypass", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
