GEN:SID 1:2488
Message SMTP WinZip MIME content-disposition buffer overflow
Summary This event is generated when an attempt is made to exploit a buffer overflow
associated with winzip's processing of certain MIME archive files.
Impact A successful attack may permit a buffer overflow that allows the execution
of arbitrary code at the privilege level of the user running winzip.
Detailed Information Winzip is a program that is used for file compression on Windows hosts.
A buffer overflow exists when parsing specific header fields for certain
MIME file types.  An overly long value passed to the Content-Disposition
name field may trigger the buffer overflow and allow the execution of
arbitrary code in the context of the user running winzip.
Affected Systems Winzip 6.x, 7.x, 8.0, 8.1 SR-1, 8.1, Winzip 9.0 beta versions
Attack Scenarios An attacker can entice a user to open a malformed MIME file that will
invoke winzip to process it, possibly causing a a buffer overflow
and the subsequent execution of arbitrary code on the vulnerable host.
Ease of Attack Simple.
Corrective Action Upgrade to the latest non-affected version of the software.
Additional References  
Rule References bugtraq: 9758
cve: 2004-0333
nessus: 12621