CVE-2005-3317
7.9 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.186 Low
EPSS
Percentile
96.2%
Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and 6.0.2.1041, and other versions before 6.0.2.1050, allow remote attackers to execute arbitrary code via (1) a ZIP archive that contains a file with a long filename, which is not properly handled by (a) zipgenius.exe, (b) zg.exe, © zgtips.dll, and (d) contmenu.dll; (2) a long original name in a (a) UUE, (b) XXE, or © MIM file, which is not properly handled by zipgenius.exe; or (3) an ACE archive with a file with a long filename, which is not properly handled by unacev2.dll.
References
forum.zipgenius.it/index.php?showtopic=684
secunia.com/advisories/17061
secunia.com/secunia_research/2005-54/advisory
securityreason.com/securityalert/103
securitytracker.com/id?1015090
www.osvdb.org/20157
www.osvdb.org/20158
www.osvdb.org/20159
www.securityfocus.com/archive/1/414083
www.securityfocus.com/bid/15161
Related
7.9 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.186 Low
EPSS
Percentile
96.2%