Lucene search

[email protected]CVE-2005-3194

HistoryOct 14, 2005 - 10:02 a.m.

CVE-2005-3194

2005-10-1410:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-3194

alzip

buffer overflow

arbitrary code execution

remote attackers

filename

compressed archive

8.6 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.039 Low

EPSS

Percentile

91.9%

JSON

Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive.

CPENameOperatorVersion
estsoft:alzipestsoft alzipeq6.12_korean
estsoft:alzipestsoft alzipeq6.1_international
estsoft:alzipestsoft alzipeq5.52_english

CPE	Name	Operator	Version
estsoft:alzip	estsoft alzip	eq	6.12_korean
estsoft:alzip	estsoft alzip	eq	6.1_international
estsoft:alzip	estsoft alzip	eq	5.52_english

References

secunia.com/advisories/16847/

secunia.com/secunia_research/2005-49/advisory/

securitytracker.com/id?1015003

www.osvdb.org/19889

www.osvdb.org/19890

www.securityfocus.com/bid/15010

exchange.xforce.ibmcloud.com/vulnerabilities/22526

8.6 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.039 Low

EPSS

Percentile

91.9%

JSON