PT-2006-3065 · Ace+1 · Cxace60.Dll+2

Tan Chew Keong

Publicado

2006-04-29

Atualizado

2018-10-18

CVE-2006-2085

CVSS v2.0

5.1

Média

Vetor

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SpeedProject Squeez version 5.10 Build 4460 SpeedCommander versions 10.52 Build 4450 through 11.01 Build 4450

Description The issue is related to multiple buffer overflows in the CxAce60.dll and CxAce60u.dll files. This allows user-assisted remote attackers to execute arbitrary code via an ACE archive containing a file with a long filename.

Recommendations For SpeedProject Squeez version 5.10 Build 4460, consider disabling the use of ACE archives until a patch is available. For SpeedCommander versions 10.52 Build 4450 through 11.01 Build 4450, avoid using the CxAce60.dll and CxAce60u.dll files to handle ACE archives until the issue is resolved.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2006-2085

Produtos afetados

Cxace60.Dll

Speedcommander

Speedproject Squeez

PT-2006-3065 · Ace+1 · Cxace60.Dll+2

CVE-2006-2085

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12