CVE-2005-2384

Name of the Vulnerable Software and Affected Versions avast! Antivirus Home/Professional Edition versions 4.6.665 avast! Antivirus Server Edition version 4.6.460

Description A directory traversal issue exists in a third-party compression library, specifically UNACEV2.DLL, used by avast! Antivirus. This issue allows remote attackers to write arbitrary files by using an ACE archive that contains filenames with either .. or absolute pathnames.

Recommendations For avast! Antivirus Home/Professional Edition version 4.6.665, consider updating to a version that does not use the vulnerable UNACEV2.DLL library. For avast! Antivirus Server Edition version 4.6.460, consider updating to a version that does not use the vulnerable UNACEV2.DLL library. As a temporary workaround, consider restricting the handling of ACE archives until a patch is available.