CVE-2006-2909

Name of the Vulnerable Software and Affected Versions PicoZip version 4.01

Description The issue is a stack-based buffer overflow in the info tip shell extension, specifically in the zipinfo.dll component. This occurs when a user moves the mouse over an archive with a long filename in ACE, RAR, or ZIP formats, allowing remote attackers to execute arbitrary code.

Recommendations For PicoZip version 4.01, consider disabling the zipinfo.dll component or restricting its use until a patch is available to prevent exploitation of the buffer overflow.