Lucene search

Kaspersky LabKLA10339

HistoryFeb 25, 2006 - 12:00 a.m.

KLA10339 WLF vulnerability in SpeedProject

2006-02-2500:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.048

Percentile

92.8%

JSON

A directory traversal vulnerability was found in SpeedProject products. By exploiting this vulnerability malicious users can overwrite local files. This vulnerability can be exploited remotely at a point related to the JAR and ZIP archives.

Original advisories

Related products

Speedproject-SpeedCommander

Speedproject-ZipStar

Speedproject-Squeez

CVE list

CVE-2006-0890 critical

Solution

Update to latest version

Impacts

Write Local Files. Exploitation of vulnerabilities with this impact can lead to writing into some inaccessible files. Files that can be read depends on concrete program errors.

Affected Products

SpeedProject Squeez version 5.1SpeedProject ZipStar 5.1SpeedProject SpeedCommander 11.01.4450

References

statistics.securelist.com/

threats.kaspersky.com/en/product/Speedproject-SpeedCommander/

threats.kaspersky.com/en/product/Speedproject-Squeez/

threats.kaspersky.com/en/product/Speedproject-ZipStar/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.048

Percentile

92.8%

JSON

Related for KLA10339