Lucene search

[email protected]NVD:CVE-2005-2856

HistorySep 08, 2005 - 10:03 a.m.

CVE-2005-2856

2005-09-0810:03:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.02

Percentile

89.2%

JSON

Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421, (7) PowerArchiver before 9.61, (8) UltimateZip 2.7,1, 3.0.3, and 3.1b, (9) Where Is It (WhereIsIt) 3.73.501, (10) FilZip 3.04, (11) IZArc 3.5 beta3, (12) Eazel 1.0, (13) Rising Antivirus 18.27.21 and earlier, (14) AutoMate 6.1.0.0, (15) BitZipper 4.1 SR-1, (16) ZipTV, and other products, allows user-assisted attackers to execute arbitrary code via a long filename in an ACE archive.

Affected configurations

Nvd

Node

winacewinaceMatch2.6.0.0

VendorProductVersionCPE
winacewinace2.6.0.0cpe:2.3:a:winace:winace:2.6.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
winace	winace	2.6.0.0	cpe:2.3:a:winace:winace:2.6.0.0:::::::*

References

marc.info/?l=bugtraq&m=112621008228458&w=2

secunia.com/advisories/16479

secunia.com/advisories/19454

secunia.com/advisories/19458

secunia.com/advisories/19581

secunia.com/advisories/19596

secunia.com/advisories/19612

secunia.com/advisories/19834

secunia.com/advisories/19890

secunia.com/advisories/19931

secunia.com/advisories/19938

secunia.com/advisories/19939

secunia.com/advisories/19967

secunia.com/advisories/19975

secunia.com/advisories/19977

secunia.com/advisories/20009

secunia.com/advisories/20270

secunia.com/secunia_research/2005-41/advisory/

secunia.com/secunia_research/2006-24/advisory

secunia.com/secunia_research/2006-25/advisory

secunia.com/secunia_research/2006-27/

secunia.com/secunia_research/2006-28/advisory

secunia.com/secunia_research/2006-29/advisory/

secunia.com/secunia_research/2006-30/advisory

secunia.com/secunia_research/2006-32/advisory/

secunia.com/secunia_research/2006-33/advisory/

secunia.com/secunia_research/2006-36/advisory

secunia.com/secunia_research/2006-38/advisory

secunia.com/secunia_research/2006-46/advisory/

secunia.com/secunia_research/2006-50/advisory/

securityreason.com/securityalert/49

securitytracker.com/id?1014863

securitytracker.com/id?1015852

securitytracker.com/id?1016011

securitytracker.com/id?1016012

securitytracker.com/id?1016065

securitytracker.com/id?1016066

securitytracker.com/id?1016088

securitytracker.com/id?1016114

securitytracker.com/id?1016115

securitytracker.com/id?1016177

securitytracker.com/id?1016257

securitytracker.com/id?1016512

www.osvdb.org/25129

www.securityfocus.com/archive/1/432357/100/0/threaded

www.securityfocus.com/archive/1/432579/100/0/threaded

www.securityfocus.com/archive/1/433258/100/0/threaded

www.securityfocus.com/archive/1/433352/100/0/threaded

www.securityfocus.com/archive/1/433693/100/0/threaded

www.securityfocus.com/archive/1/434011/100/0/threaded

www.securityfocus.com/archive/1/434234/100/0/threaded

www.securityfocus.com/archive/1/434279/100/0/threaded

www.securityfocus.com/archive/1/436639/100/0/threaded

www.securityfocus.com/archive/1/440303/100/0/threaded

www.securityfocus.com/bid/14759

www.securityfocus.com/bid/19884

www.vupen.com/english/advisories/2006/1565

www.vupen.com/english/advisories/2006/1577

www.vupen.com/english/advisories/2006/1611

www.vupen.com/english/advisories/2006/1681

www.vupen.com/english/advisories/2006/1694

www.vupen.com/english/advisories/2006/1725

www.vupen.com/english/advisories/2006/1775

www.vupen.com/english/advisories/2006/1797

www.vupen.com/english/advisories/2006/1835

www.vupen.com/english/advisories/2006/1836

www.vupen.com/english/advisories/2006/2047

www.vupen.com/english/advisories/2006/2184

www.vupen.com/english/advisories/2006/2824

www.vupen.com/english/advisories/2006/3495

exchange.xforce.ibmcloud.com/vulnerabilities/26116

exchange.xforce.ibmcloud.com/vulnerabilities/26142

exchange.xforce.ibmcloud.com/vulnerabilities/26168

exchange.xforce.ibmcloud.com/vulnerabilities/26272

exchange.xforce.ibmcloud.com/vulnerabilities/26302

exchange.xforce.ibmcloud.com/vulnerabilities/26315

exchange.xforce.ibmcloud.com/vulnerabilities/26385

exchange.xforce.ibmcloud.com/vulnerabilities/26447

exchange.xforce.ibmcloud.com/vulnerabilities/26479

exchange.xforce.ibmcloud.com/vulnerabilities/26480

exchange.xforce.ibmcloud.com/vulnerabilities/26736

exchange.xforce.ibmcloud.com/vulnerabilities/26982

exchange.xforce.ibmcloud.com/vulnerabilities/27763

exchange.xforce.ibmcloud.com/vulnerabilities/28787

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.02

Percentile

89.2%

JSON

Related for NVD:CVE-2005-2856

kaspersky2 cvelist2 cve2 securityvulns5 exploitdb1 prion1 nvd1