Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3832

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2005-3832
Last Modified 07 Mar 2011 12:00:00
Published 26 Nov 2005 02:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-3832

Summary

Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, as used in SpeedProject products including (a) Squeez 5.0 Build 4285, and (b) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.

Vulnerable Systems

Application

  • Speedproject Speedcommander 10.51 Build4430

  • Speedproject Speedcommander 11.0 Build4430

  • Speedproject Squeez 5.0 Build 4285


References

BUGTRAQ - 20051124 Secunia Research: SpeedProject Products ZIP/UUE File ExtractionBuffer Overflow

SECTRACK - 1015267

SECTRACK - 1015266

SECTRACK - 1015265

MISC - http://secunia.com/secunia_research/2005-60/advisory

SECUNIA - 17420

VUPEN - ADV-2005-2570

OSVDB - 21073

SREASON - 204


Last Updated: 27 May 2016 10:41:04