Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2856

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-2856
Last Modified 07 Jan 2014 09:44:41
Published 08 Sep 2005 06:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2856

Summary

Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421, (7) PowerArchiver before 9.61, (8) UltimateZip 2.7,1, 3.0.3, and 3.1b, (9) Where Is It (WhereIsIt) 3.73.501, (10) FilZip 3.04, (11) IZArc 3.5 beta3, (12) Eazel 1.0, (13) Rising Antivirus 18.27.21 and earlier, (14) AutoMate 6.1.0.0, (15) BitZipper 4.1 SR-1, (16) ZipTV, and other products, allows user-assisted attackers to execute arbitrary code via a long filename in an ACE archive.

Vulnerable Systems

Application

  • Winace 2.6.0.0


References

SECUNIA - 16479

XF - izarc-unacev2-bo(26480)

XF - eazel-ztvunacev2-bo(26479)

XF - filzip-unacev2-bo(26447)

VUPEN - ADV-2006-3495

VUPEN - ADV-2006-2824

VUPEN - ADV-2006-2184

VUPEN - ADV-2006-2047

VUPEN - ADV-2006-1836

VUPEN - ADV-2006-1835

VUPEN - ADV-2006-1797

VUPEN - ADV-2006-1775

VUPEN - ADV-2006-1725

VUPEN - ADV-2006-1694

VUPEN - ADV-2006-1681

VUPEN - ADV-2006-1611

VUPEN - ADV-2006-1577

VUPEN - ADV-2006-1565

BID - 14759

BUGTRAQ - 20060609 Secunia Research: AutoMate unacev2.dll Buffer OverflowVulnerability

BUGTRAQ - 20060517 Secunia Research: Eazel unacev2.dll Buffer Overflow Vulnerability

BUGTRAQ - 20060517 Secunia Research: IZArc unacev2.dll Buffer Overflow Vulnerability

BUGTRAQ - 20060515 Secunia Research: FilZip unacev2.dll Buffer Overflow Vulnerability

BUGTRAQ - 20060511 Secunia Research: UltimateZip unacev2.dll Buffer OverflowVulnerability

BUGTRAQ - 20060509 Secunia Research: Where Is It unacev2.dll Buffer OverflowVulnerability

BUGTRAQ - 20060508 Secunia Research: Anti-Trojan unacev2.dll Buffer OverflowVulnerability

BUGTRAQ - 20060501 Secunia Research: WinHKI unacev2.dll Buffer Overflow Vulnerability

BUGTRAQ - 20060428 Secunia Research: Servant Salamander unacev2.dll Buffer OverflowVulnerability

OSVDB - 25129

SECTRACK - 1016177

SECTRACK - 1016115

SECTRACK - 1016114

SECTRACK - 1016088

SECTRACK - 1016066

SECTRACK - 1016065

SECTRACK - 1016012

SECTRACK - 1016011

SECTRACK - 1015852

SECTRACK - 1014863

MISC - http://secunia.com/secunia_research/2006-38/advisory

MISC - http://secunia.com/secunia_research/2006-36/advisory

MISC - http://secunia.com/secunia_research/2006-33/advisory/

MISC - http://secunia.com/secunia_research/2006-32/advisory/

MISC - http://secunia.com/secunia_research/2006-30/advisory

MISC - http://secunia.com/secunia_research/2006-29/advisory/

MISC - http://secunia.com/secunia_research/2006-28/advisory

MISC - http://secunia.com/secunia_research/2006-27/

MISC - http://secunia.com/secunia_research/2006-25/advisory

MISC - http://secunia.com/secunia_research/2006-24/advisory

MISC - http://secunia.com/secunia_research/2005-41/advisory/

SECUNIA - 20009

SECUNIA - 19977

SECUNIA - 19975

SECUNIA - 19967

SECUNIA - 19938

SECUNIA - 19931

SECUNIA - 19890

SECUNIA - 19834

SECUNIA - 19612

SECUNIA - 19596

SECUNIA - 19581

SECUNIA - 19458

SECUNIA - 19454

BUGTRAQ - 20050908 Secunia Research: ALZip ACE Archive Handling Buffer Overflow

XF - bitzipper-unacev2-bo(27763)

XF - automate-unacev2-bo(26982)

XF - risingantivirus-unacev2-bo(26736)

XF - ultimatezip-unacev2-bo(26385)

XF - whereisit-unacev2-bo(26315)

XF - antitrojan-unacev2-bo(26302)

XF - powerarchiver-unacev2-ace-bo(26272)

XF - extractnow-unacev2-ace-bo(26168)

XF - winhki-unacev2-bo(26142)

XF - servant-salamander-unacev2-bo(26116)

BID - 19884

BUGTRAQ - 20060717 Secunia Research: BitZipper unacev2.dll Buffer OverflowVulnerability

SECTRACK - 1016512

SECTRACK - 1016257

SREASON - 49

MISC - http://secunia.com/secunia_research/2006-50/advisory/

MISC - http://secunia.com/secunia_research/2006-46/advisory/

SECUNIA - 20270

SECUNIA - 19939

XF - tziptv-unacev2-bo(28787)


Last Updated: 27 May 2016 11:03:21