Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3051

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2005-3051
Last Modified 04 Aug 2011 12:00:00
Published 23 Sep 2005 08:03:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3051

Summary

Stack-based buffer overflow in the ARJ plugin (arj.dll) 3.9.2.0 for 7-Zip 3.13, 4.23, and 4.26 BETA, as used in products including Turbo Searcher, allows remote attackers to execute arbitrary code via a large ARJ block.

Vulnerable Systems

Application

  • Igor Pavlov 7-zip 3.13

  • Igor Pavlov 7-zip 4.23

  • Igor Pavlov 7-zip 4.26 Beta


References

XF - turbo-searcher-arj-bo(30438)

VUPEN - ADV-2006-4603

MISC - http://www.vuln.sg/turbosearcher330-en.html

BID - 21208

BID - 14925

SECTRACK - 1017261

MISC - http://secunia.com/secunia_research/2005-45/advisory/

SECUNIA - 23004

SECUNIA - 16664

BUGTRAQ - 20050923 Secunia Research: 7-Zip ARJ Archive Handling Buffer Overflow


Last Updated: 27 May 2016 10:40:47