PT-2005-3298 · Avast · Avast Antivirus
Published 2005-07-27 · Updated 2008-09-05 · CVE-2005-2384
CVSS v2.0: 5.0 Medium
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
avast! Antivirus Home/Professional Edition version 4.6.665
avast! Antivirus Server Edition version 4.6.460
Description
A directory traversal issue exists in UNACEV2.DLL, a third-party compression library used by avast! Antivirus. It allows remote attackers to write arbitrary files by supplying an ACE archive whose filenames contain ".." or absolute pathnames.
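The check whose absence the description implies, as an added example (not code from Avast, from UNACEV2.DLL or from this advisory): archive entry names are validated under Windows path rules before anything is written. The function names, the extraction root and the sample entry names are assumptions constructed for illustration.

```python
import ntpath  # Windows path semantics, usable on any OS

def is_safe_entry(name: str) -> bool:
    """True if an archive entry name cannot leave the extraction directory."""
    if not name or "\x00" in name:
        return False
    norm = name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(norm)
    # Absolute pathnames: C:\x, drive-relative C:x, rooted \x, UNC \\host\share\x.
    if drive or rest.startswith("\\"):
        return False
    parts = [p for p in rest.split("\\") if p not in ("", ".")]
    for part in parts:
        # ".." and, conservatively, dot/space-only variants such as "..." or ".. ".
        if part.rstrip(" .") == "":
            return False
    return bool(parts)

def resolve_entry(root: str, name: str) -> str:
    """Return the destination path for an entry, or raise ValueError."""
    if not is_safe_entry(name):
        raise ValueError("unsafe archive entry name: %r" % name)
    root_norm = ntpath.normpath(root)
    target = ntpath.normpath(ntpath.join(root_norm, name.replace("/", "\\")))
    # Defence in depth: the resolved path must still sit under the root.
    if ntpath.commonpath([root_norm, target]).lower() != root_norm.lower():
        raise ValueError("entry escapes extraction root: %r" % name)
    return target

# Constructed entry names, not taken from any real archive.
SAMPLE_ENTRIES = [
    "docs/readme.txt",
    "..\\..\\outside.txt",
    "docs/../../outside.txt",
    "C:\\outside.txt",
    "\\\\host\\share\\outside.txt",
]

def audit(root: str, names):
    """Map each entry name to its destination, or None if it is rejected."""
    results = {}
    for name in names:
        try:
            results[name] = resolve_entry(root, name)
        except ValueError:
            results[name] = None
    return results

if __name__ == "__main__":
    for name, target in audit("C:\\scan\\tmp", SAMPLE_ENTRIES).items():
        print(("REJECT" if target is None else "OK    "), repr(name), target or "")
```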
Recommendations
For avast! Antivirus Home/Professional Edition version 4.6.665, consider updating to a version that does not use the vulnerable UNACEV2.DLL library.
For avast! Antivirus Server Edition version 4.6.460, consider updating to a version that does not use the vulnerable UNACEV2.DLL library.
As a temporary workaround, consider restricting the handling of ACE archives until a patch is available.
Affected Products
Avast Antivirus