PT-2006-3065 · Ace+1 · Cxace60.Dll+2

Tan Chew Keong

Published

2006-04-29

Updated

2018-10-18

CVE-2006-2085

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SpeedProject Squeez version 5.10 Build 4460 SpeedCommander versions 10.52 Build 4450 through 11.01 Build 4450

Description The issue is related to multiple buffer overflows in the CxAce60.dll and CxAce60u.dll files. This allows user-assisted remote attackers to execute arbitrary code via an ACE archive containing a file with a long filename.

Recommendations For SpeedProject Squeez version 5.10 Build 4460, consider disabling the use of ACE archives until a patch is available. For SpeedCommander versions 10.52 Build 4450 through 11.01 Build 4450, avoid using the CxAce60.dll and CxAce60u.dll files to handle ACE archives until the issue is resolved.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2006-2085

Affected Products

Cxace60.Dll

Speedcommander

Speedproject Squeez

PT-2006-3065 · Ace+1 · Cxace60.Dll+2

CVE-2006-2085

Weakness Enumeration

Related Identifiers

Affected Products

References · 12