Lucene search

[email protected]CVE-2006-6960

HistoryJan 29, 2007 - 4:28 p.m.

CVE-2006-6960

2007-01-2916:28:00

[email protected]

web.nvd.nist.gov

webroot

spy sweeper

cve-2006-6960

compression sweep

rar

tar

cab

ace

security vulnerability

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.7%

JSON

The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression.

Affected configurations

NVD

Node

webroot_softwarespy_sweeperRange≤4.5.9

CPENameOperatorVersion
webroot_software:spy_sweeperwebroot software spy sweeperle4.5.9

CPE	Name	Operator	Version
webroot_software:spy_sweeper	webroot software spy sweeper	le	4.5.9

References

www.osvdb.org/27536

www.securityfocus.com/archive/1/437814/100/200/threaded

www.sentinel.gr/advisories/SGA-0001.txt

exchange.xforce.ibmcloud.com/vulnerabilities/27266

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.7%

JSON

Related for CVE-2006-6960

cvelist1 nvd1 securityvulns1