PT-2005-3803 · Avira · Avira Desktop For Windows+1

Tan Chew Keong · Published 2005-09-16 · Updated 2016-10-18 · CVE-2005-2957

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

AVIRA Desktop for Windows version 1.00.00.68 with AVPACK32.DLL version 6.31.0.3

Description

The issue is a stack-based buffer overflow that occurs when archive scanning is enabled, allowing remote attackers to execute arbitrary code via a long filename in an ACE archive.

Recommendations

For AVIRA Desktop for Windows version 1.00.00.68 with AVPACK32.DLL version 6.31.0.3, consider disabling archive scanning until a patch is available. Restrict access to the AVPACK32.DLL module to minimize the risk of exploitation. Avoid using long filenames in ACE archives to prevent potential buffer overflow attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2005-2957

Affected Products

Avira Desktop For Windows
Avpack32.Dll