Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2085

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-2085
Last Modified 20 Sep 2011 12:00:00
Published 29 Apr 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2085

Summary

Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in SpeedProject Squeez 5.10 Build 4460, and SpeedCommander 10.52 Build 4450 and 11.01 Build 4450, allow user-assisted remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename.

Vulnerable Systems

Application

  • Speedproject Speedcommander 10.52 Build4450

  • Speedproject Speedcommander 11.01 Build4450

  • Speedproject Squeez 5.10 Build 4460


References

BUGTRAQ - 20060426 Secunia Research: SpeedProject Products ACE Archive HandlingBuffer Overflow

SECUNIA - 19473

XF - speedproject-ace-bo(26115)

VUPEN - ADV-2006-1535

MISC - http://www.speedproject.de/enu/

BID - 17709

OSVDB - 24990

SECTRACK - 1016003

SECTRACK - 1016002

SREASON - 820

MISC - http://secunia.com/secunia_research/2006-23/advisory


Last Updated: 27 May 2016 10:42:20