Lucene search

Kaspersky LabKLA10338

HistoryApr 29, 2006 - 12:00 a.m.

KLA10338 ACE vulnerability in SpeedProject

2006-04-2900:00:00

Kaspersky Lab

threats.kaspersky.com

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.085 Low

EPSS

Percentile

94.3%

JSON

Detect date:

04/29/2006

Severity:

High

Description:

Buffer overflows were found in SpeedProject products. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed ACE file.

Affected products:

SpeedProject Squeez version 5.10 Build 4460
SpeedCommander versions 10.52 Build 4450 and 11.01 Build 4450

Solution:

Update to latest version

Impacts:

ACE

Related products:

Speedproject SpeedCommander

CVE-IDS:

CVE-2006-20855.1High

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2085

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/Speedproject-SpeedCommander/

threats.kaspersky.com/en/product/Speedproject-Squeez/

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.085 Low

EPSS

Percentile

94.3%

JSON

Related for KLA10338