Canyon · Canyon Power File · CVE-2006-4554
**Name of the Vulnerable Software and Affected Versions**
BeCubed Compression Plus versions prior to 5.0.1.28
Tumbleweed EMF versions prior to 5.0.1.28
VCOM/Ontrack PowerDesk Pro versions prior to 5.0.1.28
Canyon Drag and Zip versions prior to 5.0.1.28
Canyon Power File versions prior to 5.0.1.28
Canyon Power File Gold versions prior to 5.0.1.28
**Description**
A stack-based buffer overflow exists in the ReadFile function of the ZOO-processing exports. An inconsistent size parameter in a ZOO file header lets context-dependent attackers execute arbitrary code.
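The following is an added example, not the vendor's code and not the real ZOO layout: a C parser for a constructed header (a hypothetical 2-byte little-endian `name_len` followed by the name bytes) that checks the declared size against both the bytes actually present and the fixed destination buffer before copying. The names `parse_entry_name`, `NAME_CAP` and the status codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout for illustration only (NOT the real ZOO entry format):
 *   offset 0: uint16 little-endian name_len (taken from the untrusted file)
 *   offset 2: name bytes
 */
enum parse_status { PARSE_OK = 0, ERR_TRUNCATED, ERR_SIZE_MISMATCH, ERR_TOO_LARGE };

#define HDR_FIXED 2u    /* bytes occupied by the length field */
#define NAME_CAP  64u   /* caller's fixed stack buffer, NUL terminator included */

/* Copies the name into out[NAME_CAP] only after the declared length has been
 * checked against the input actually available and the destination size. */
enum parse_status parse_entry_name(const uint8_t *data, size_t data_len,
                                   char out[NAME_CAP])
{
    if (data == NULL || out == NULL || data_len < HDR_FIXED)
        return ERR_TRUNCATED;

    size_t declared = (size_t)data[0] | ((size_t)data[1] << 8);

    /* Header claims more bytes than the file holds: inconsistent size. */
    if (declared > data_len - HDR_FIXED)
        return ERR_SIZE_MISMATCH;

    /* Header claims more than the fixed buffer holds. Copying `declared`
     * bytes without this check is the stack overflow pattern. */
    if (declared >= NAME_CAP)
        return ERR_TOO_LARGE;

    memcpy(out, data + HDR_FIXED, declared);
    out[declared] = '\0';
    return PARSE_OK;
}

/* Constructed sample inputs. */
static const uint8_t sample_ok[]  = { 0x05, 0x00, 'a', '.', 't', 'x', 't' };
static const uint8_t sample_bad[] = { 0xFF, 0x03, 'a', '.', 't', 'x', 't' }; /* claims 1023 bytes */

int main(void)
{
    char name[NAME_CAP];
    int rc_ok  = parse_entry_name(sample_ok,  sizeof sample_ok,  name);
    int rc_bad = parse_entry_name(sample_bad, sizeof sample_bad, name);
    return (rc_ok == PARSE_OK && rc_bad == ERR_SIZE_MISMATCH) ? 0 : 1;
}
```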
**Recommendations**
For BeCubed Compression Plus versions prior to 5.0.1.28, update to version 5.0.1.28 or later.
For Tumbleweed EMF versions prior to 5.0.1.28, update to version 5.0.1.28 or later.
For VCOM/Ontrack PowerDesk Pro versions prior to 5.0.1.28, update to version 5.0.1.28 or later.
For Canyon Drag and Zip versions prior to 5.0.1.28, update to version 5.0.1.28 or later.
For Canyon Power File versions prior to 5.0.1.28, update to version 5.0.1.28 or later.
For Canyon Power File Gold versions prior to 5.0.1.28, update to version 5.0.1.28 or later.