PT-2006-2969 · Pkware+1 · Zip+2
Published
2006-04-21
·
Updated
2017-07-20
·
CVE-2006-1985
CVSS v2.0
5.1
Medium
| Vector | AV:N/AC:H/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
BOMArchiveHelper version 10.4 (6.3) Build 312
Mac OS X versions prior to 10.4.6
Description
The issue allows user-assisted attackers to execute arbitrary code via a crafted archive, such as ZIP, that contains long path names. This triggers an error in the
BOMStackPop function.Recommendations
For BOMArchiveHelper version 10.4 (6.3) Build 312, consider avoiding the use of crafted archives until a fix is available.
For Mac OS X versions prior to 10.4.6, update to a version later than 10.4.6 to resolve the issue.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bomarchivehelper
Macos X
Zip