Lucene search
MitreCVE-2009-2261HistoryJun 30, 2009 - 10:30 a.m.
CVE-2009-2261
2009-06-3010:30:21
CWE-20
mitre
web.nvd.nist.gov
26
2
cve-2009-2261
peazip
windows
arbitrary commands
remote attackers
nvd
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.7
Confidence
Low
EPSS
0.907
Percentile
98.8%
PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.
Affected configurations
Node
giorgio_tanipeazipRange≤2.5.1-windows
ORgiorgio_tanipeazipMatch1.0-windows
ORgiorgio_tanipeazipMatch1.1-windows
ORgiorgio_tanipeazipMatch1.2-windows
ORgiorgio_tanipeazipMatch1.3-windows
ORgiorgio_tanipeazipMatch1.4-windows
ORgiorgio_tanipeazipMatch1.5-windows
ORgiorgio_tanipeazipMatch1.6-windows
ORgiorgio_tanipeazipMatch1.7-windows
ORgiorgio_tanipeazipMatch1.8-windows
ORgiorgio_tanipeazipMatch1.8.1-windows
ORgiorgio_tanipeazipMatch1.8.2-windows
ORgiorgio_tanipeazipMatch1.9-windows
ORgiorgio_tanipeazipMatch1.9.1-windows
ORgiorgio_tanipeazipMatch1.9.2-windows
ORgiorgio_tanipeazipMatch1.9.3-windows
ORgiorgio_tanipeazipMatch1.10-windows
ORgiorgio_tanipeazipMatch1.11-windows
ORgiorgio_tanipeazipMatch2.0-windows
ORgiorgio_tanipeazipMatch2.1-windows
ORgiorgio_tanipeazipMatch2.2-windows
ORgiorgio_tanipeazipMatch2.3a-windows
ORgiorgio_tanipeazipMatch2.4-windows
ORgiorgio_tanipeazipMatch2.4.1-windows
ORgiorgio_tanipeazipMatch2.6.1-windows
| Vendor | Product | Version | CPE |
|---|---|---|---|
| giorgio_tani | peazip | * | cpe:2.3:a:giorgio_tani:peazip:*:-:windows:*:*:*:*:* |
| giorgio_tani | peazip | 1.0 | cpe:2.3:a:giorgio_tani:peazip:1.0:-:windows:*:*:*:*:* |
| giorgio_tani | peazip | 1.1 | cpe:2.3:a:giorgio_tani:peazip:1.1:-:windows:*:*:*:*:* |
| giorgio_tani | peazip | 1.2 | cpe:2.3:a:giorgio_tani:peazip:1.2:-:windows:*:*:*:*:* |
| giorgio_tani | peazip | 1.3 | cpe:2.3:a:giorgio_tani:peazip:1.3:-:windows:*:*:*:*:* |
| giorgio_tani | peazip | 1.4 | cpe:2.3:a:giorgio_tani:peazip:1.4:-:windows:*:*:*:*:* |
| giorgio_tani | peazip | 1.5 | cpe:2.3:a:giorgio_tani:peazip:1.5:-:windows:*:*:*:*:* |
| giorgio_tani | peazip | 1.6 | cpe:2.3:a:giorgio_tani:peazip:1.6:-:windows:*:*:*:*:* |
| giorgio_tani | peazip | 1.7 | cpe:2.3:a:giorgio_tani:peazip:1.7:-:windows:*:*:*:*:* |
| giorgio_tani | peazip | 1.8 | cpe:2.3:a:giorgio_tani:peazip:1.8:-:windows:*:*:*:*:* |
References
Social References
More
Related
openvas
openvas
PeaZIP < 2.6.2 RCE Vulnerability - Windows
2009-07-03 00:00:00
PeaZIP Remote Code Execution Vulnerability (Windows)
2009-07-03 00:00:00
nvd
nvd
CVE-2009-2261
2009-06-30 10:30:21
checkpoint_advisories
checkpoint_advisories
PeaZip Compressed Filename Command Injection (CVE-2009-2261)
2017-09-26 00:00:00
cvelist
cvelist
CVE-2009-2261
2009-06-30 10:00:00
exploitdb
exploitdb
PeaZIP 2.6.1 - Compressed Filename Command Injection
2009-06-05 00:00:00
PeaZIP 2.6.1 - Zip Processing Command Injection (Metasploit)
2010-09-20 00:00:00
prion
prion
Command injection
2009-06-30 10:30:00
metasploit
metasploit
PeaZip Zip Processing Command Injection
2010-02-10 17:28:25
packetstorm
packetstorm
PeaZip <= 2.6.1 Zip Processing Command Injection
2010-02-12 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.7
Confidence
Low
EPSS
0.907
Percentile
98.8%
Related for CVE-2009-2261