PT-2005-4579 · Speedproject · Speedcommander+2

Published 2005-11-26 · Updated 2018-10-19 · CVE-2005-3831

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SpeedCommander versions 10.51 Build 4430 and 11.0 Build 4430
ZipStar version 5.0 Build 4285
Squeez version 5.0 Build 4285

Description

The issue is a stack-based buffer overflow in certain DLL files used by SpeedProject products. It allows attackers to execute arbitrary code via a ZIP archive containing a long filename.

Recommendations

For SpeedCommander versions 10.51 Build 4430 and 11.0 Build 4430, ZipStar version 5.0 Build 4285, and Squeez version 5.0 Build 4285, update to a version that fixes the issue in CxZIP60.dll and CxZIP60u.dll. As a temporary workaround, consider avoiding the use of ZIP archives with long filenames in the affected products until a patch is available.
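
One way to enforce the temporary workaround before an archive reaches an affected product is to reject ZIP files whose headers declare an overly long filename. The following is an added example, not code from the vendor or from this advisory; `MAX_NAME_LEN`, `long_name_entries` and `make_sample` are hypothetical names, and the 255-byte threshold is an assumption because the advisory does not state the triggering length.

```python
import io
import struct
import zipfile

# Assumed policy limit: the advisory does not state the length that triggers
# the overflow, so pick a threshold that fits your environment.
MAX_NAME_LEN = 255

# (signature, offset of the 16-bit filename-length field, label)
HEADERS = (
    (b"PK\x03\x04", 26, "local"),
    (b"PK\x01\x02", 28, "central"),
)


def long_name_entries(data, limit=MAX_NAME_LEN):
    """Return (kind, offset, name_len) for every header declaring a name > limit.

    Headers are located by signature instead of trusting the central
    directory, because a parser may read either copy of the name. A signature
    that happens to occur inside file data can cause a false positive, which
    is acceptable for a gate that fails closed.
    """
    hits = []
    for sig, len_off, kind in HEADERS:
        pos = data.find(sig)
        while pos != -1:
            field = data[pos + len_off:pos + len_off + 2]
            if len(field) == 2:  # skip a header truncated at end of file
                (name_len,) = struct.unpack("<H", field)
                if name_len > limit:
                    hits.append((kind, pos, name_len))
            pos = data.find(sig, pos + 4)
    return hits


def make_sample(names):
    """Build a constructed, uncompressed ZIP in memory for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in names:
            zf.writestr(name, b"sample")
    return buf.getvalue()


if __name__ == "__main__":
    sample = make_sample(["readme.txt", "A" * 300 + ".txt"])
    for kind, offset, name_len in long_name_entries(sample):
        print(f"reject: {kind} header at offset {offset} declares {name_len}-byte name")
```
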

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2005-3831

Affected Products

SpeedCommander
Squeez
ZipStar