Lucene search

Kaspersky LabKLA10125

HistorySep 05, 2006 - 12:00 a.m.

KLA10125 ACE vulnerability in Compression Plus

2006-09-0500:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.033

Percentile

91.4%

JSON

A buffer overflow was found in the Compression Plus library. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed ZOO file.

Original advisories

BeCubed changelog

Related products

Compression-Plus

CVE list

CVE-2006-4554 high

Solution

Update to latest version

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Affected Products

BeCubed Compression Plus verrsions 5.0.1.27 and earlier

References

www.becubed.com/downloads/compfix.txt

statistics.securelist.com/

threats.kaspersky.com/en/product/Compression-Plus/

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.033

Percentile

91.4%

JSON

Related for KLA10125