Lucene search

[email protected]CVE-2005-2856

HistorySep 08, 2005 - 10:03 a.m.

CVE-2005-2856

2005-09-0810:03:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2005-2856

stack-based buffer overflow

winace

unacev2.dll

third-party compression utility

security vulnerability

ace archive

arbitrary code execution

nvd

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.3%

JSON

Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421, (7) PowerArchiver before 9.61, (8) UltimateZip 2.7,1, 3.0.3, and 3.1b, (9) Where Is It (WhereIsIt) 3.73.501, (10) FilZip 3.04, (11) IZArc 3.5 beta3, (12) Eazel 1.0, (13) Rising Antivirus 18.27.21 and earlier, (14) AutoMate 6.1.0.0, (15) BitZipper 4.1 SR-1, (16) ZipTV, and other products, allows user-assisted attackers to execute arbitrary code via a long filename in an ACE archive.

CPENameOperatorVersion
winace:winacewinaceeq2.6.0.0

CPE	Name	Operator	Version
winace:winace	winace	eq	2.6.0.0

References

marc.info/?l=bugtraq&m=112621008228458&w=2

secunia.com/advisories/16479

secunia.com/advisories/19454

secunia.com/advisories/19458

secunia.com/advisories/19581

secunia.com/advisories/19596

secunia.com/advisories/19612

secunia.com/advisories/19834

secunia.com/advisories/19890

secunia.com/advisories/19931

secunia.com/advisories/19938

secunia.com/advisories/19939

secunia.com/advisories/19967

secunia.com/advisories/19975

secunia.com/advisories/19977

secunia.com/advisories/20009

secunia.com/advisories/20270

secunia.com/secunia_research/2005-41/advisory/

secunia.com/secunia_research/2006-24/advisory

secunia.com/secunia_research/2006-25/advisory

secunia.com/secunia_research/2006-27/

secunia.com/secunia_research/2006-28/advisory

secunia.com/secunia_research/2006-29/advisory/

secunia.com/secunia_research/2006-30/advisory

secunia.com/secunia_research/2006-32/advisory/

secunia.com/secunia_research/2006-33/advisory/

secunia.com/secunia_research/2006-36/advisory

secunia.com/secunia_research/2006-38/advisory

secunia.com/secunia_research/2006-46/advisory/

secunia.com/secunia_research/2006-50/advisory/

securityreason.com/securityalert/49

securitytracker.com/id?1014863

securitytracker.com/id?1015852

securitytracker.com/id?1016011

securitytracker.com/id?1016012

securitytracker.com/id?1016065

securitytracker.com/id?1016066

securitytracker.com/id?1016088

securitytracker.com/id?1016114

securitytracker.com/id?1016115

securitytracker.com/id?1016177

securitytracker.com/id?1016257

securitytracker.com/id?1016512

www.osvdb.org/25129

www.securityfocus.com/archive/1/432357/100/0/threaded

www.securityfocus.com/archive/1/432579/100/0/threaded

www.securityfocus.com/archive/1/433258/100/0/threaded

www.securityfocus.com/archive/1/433352/100/0/threaded

www.securityfocus.com/archive/1/433693/100/0/threaded

www.securityfocus.com/archive/1/434011/100/0/threaded

www.securityfocus.com/archive/1/434234/100/0/threaded

www.securityfocus.com/archive/1/434279/100/0/threaded

www.securityfocus.com/archive/1/436639/100/0/threaded

www.securityfocus.com/archive/1/440303/100/0/threaded

www.securityfocus.com/bid/14759

www.securityfocus.com/bid/19884

www.vupen.com/english/advisories/2006/1565

www.vupen.com/english/advisories/2006/1577

www.vupen.com/english/advisories/2006/1611

www.vupen.com/english/advisories/2006/1681

www.vupen.com/english/advisories/2006/1694

www.vupen.com/english/advisories/2006/1725

www.vupen.com/english/advisories/2006/1775

www.vupen.com/english/advisories/2006/1797

www.vupen.com/english/advisories/2006/1835

www.vupen.com/english/advisories/2006/1836

www.vupen.com/english/advisories/2006/2047

www.vupen.com/english/advisories/2006/2184

www.vupen.com/english/advisories/2006/2824

www.vupen.com/english/advisories/2006/3495

exchange.xforce.ibmcloud.com/vulnerabilities/26116

exchange.xforce.ibmcloud.com/vulnerabilities/26142

exchange.xforce.ibmcloud.com/vulnerabilities/26168

exchange.xforce.ibmcloud.com/vulnerabilities/26272

exchange.xforce.ibmcloud.com/vulnerabilities/26302

exchange.xforce.ibmcloud.com/vulnerabilities/26315

exchange.xforce.ibmcloud.com/vulnerabilities/26385

exchange.xforce.ibmcloud.com/vulnerabilities/26447

exchange.xforce.ibmcloud.com/vulnerabilities/26479

exchange.xforce.ibmcloud.com/vulnerabilities/26480

exchange.xforce.ibmcloud.com/vulnerabilities/26736

exchange.xforce.ibmcloud.com/vulnerabilities/26982

exchange.xforce.ibmcloud.com/vulnerabilities/27763

exchange.xforce.ibmcloud.com/vulnerabilities/28787

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.3%

JSON

Related for CVE-2005-2856

kaspersky2 securityvulns5 cve1 prion1