PT-2005-4579 · Speedproject · Speedcommander+2

Published: 2005-11-26 · Updated: 2018-10-19 · CVE-2005-3831

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SpeedCommander versions 10.51 Build 4430 and 11.0 Build 4430
ZipStar version 5.0 Build 4285
Squeez version 5.0 Build 4285

Description

The issue is a stack-based buffer overflow in certain DLL files used by SpeedProject products. This allows attackers to execute arbitrary code via a ZIP archive containing a long filename.

Recommendations

For SpeedCommander versions 10.51 Build 4430 and 11.0 Build 4430, update to a version that fixes the issue in CxZIP60.dll and CxZIP60u.dll.
For ZipStar version 5.0 Build 4285, update to a version that fixes the issue in CxZIP60.dll and CxZIP60u.dll.
For Squeez version 5.0 Build 4285, update to a version that fixes the issue in CxZIP60.dll and CxZIP60u.dll.
As a temporary workaround, consider avoiding the use of ZIP archives with long filenames in the affected products until a patch is available.
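
One way to apply the workaround before an archive reaches an affected product is to screen it for overlong filename fields. The script below is an added example, not code from the advisory or from SpeedProject; the 255-byte threshold and the names `long_name_entries` and `build_sample` are assumptions, since the advisory does not state the length at which the overflow occurs.

```python
import io
import struct
import zipfile

# Assumption: the advisory gives no trigger length; 255 is a conservative
# screening threshold chosen for this example only.
MAX_NAME_LEN = 255

# (kind, signature, offset of the 2-byte little-endian filename-length field)
HEADERS = (("local", b"PK\x03\x04", 26), ("central", b"PK\x01\x02", 28))


def long_name_entries(data, limit=MAX_NAME_LEN):
    """Return (kind, offset, declared_name_length) for each ZIP header whose
    filename-length field exceeds `limit`.

    Headers are found by signature scan rather than through a ZIP library, so
    malformed archives and archives whose central directory disagrees with the
    local headers are still examined. A signature that happens to occur inside
    compressed data can cause an extra report, which is acceptable for
    screening.
    """
    findings = []
    for kind, sig, len_off in HEADERS:
        pos = data.find(sig)
        while pos != -1:
            field = data[pos + len_off:pos + len_off + 2]
            if len(field) == 2:  # skip headers truncated before the field
                (name_len,) = struct.unpack("<H", field)
                if name_len > limit:
                    findings.append((kind, pos, name_len))
            pos = data.find(sig, pos + 4)
    return findings


def build_sample(names):
    """Constructed in-memory sample archive (not taken from the advisory)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"x")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(["readme.txt", "A" * 600 + ".txt"])
    for kind, offset, name_len in long_name_entries(sample):
        print(f"{kind} header at offset {offset}: filename length {name_len}")
```

Archives that produce any finding can be quarantined rather than opened in SpeedCommander, ZipStar or Squeez until the fixed CxZIP60.dll and CxZIP60u.dll are installed.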

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2005-3831

Affected Products

Speedcommander
Squeez
Zipstar