PT-2006-5347 · Canyon+3 · Canyon Power File+5

Michael Hale Ligh · Published 2006-09-06 · Updated 2024-02-14 · CVE-2006-4554

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

BeCubed Compression Plus versions prior to 5.0.1.28
Tumbleweed EMF versions prior to 5.0.1.28
VCOM/Ontrack PowerDesk Pro versions prior to 5.0.1.28
Canyon Drag and Zip versions prior to 5.0.1.28
Canyon Power File versions prior to 5.0.1.28
Canyon Power File Gold versions prior to 5.0.1.28

Description

The issue is a stack-based buffer overflow in the ReadFile function, specifically in the ZOO-processing exports. This allows context-dependent attackers to execute arbitrary code via an inconsistent size parameter in a ZOO file header.

Recommendations

For BeCubed Compression Plus versions prior to 5.0.1.28, update to version 5.0.1.28 or later.
For Tumbleweed EMF versions prior to 5.0.1.28, update to version 5.0.1.28 or later.
For VCOM/Ontrack PowerDesk Pro versions prior to 5.0.1.28, update to version 5.0.1.28 or later.
For Canyon Drag and Zip versions prior to 5.0.1.28, update to version 5.0.1.28 or later.
For Canyon Power File versions prior to 5.0.1.28, update to version 5.0.1.28 or later.
For Canyon Power File Gold versions prior to 5.0.1.28, update to version 5.0.1.28 or later.

Exploit

Fix


Related identifiers

CVE-2006-4554

Affected products

Becubed Compression Plus
Canyon Drag/Zip
Canyon Power File
Canyon Power File Gold
Tumbleweed Emf
Vcom/Ontrack Powerdesk Pro