PT-2006-3430 · Pentaware+1 · Ziptv For C++ Builder+5
Published
2006-09-08
·
Updated
2017-07-20
·
CVE-2006-2482
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
PentaZip version 8.5.1.190
PentaSuite-PRO version 8.5.1.221
ZipTV for Delphi 7 version 2006.1.26
ZipTV for C++ Builder version 2006-1.16
Description
A heap-based buffer overflow issue exists in the TZipTV component, allowing user-assisted attackers to execute arbitrary code via an ARJ archive with a long header.
Recommendations
For PentaZip version 8.5.1.190, update to a version that fixes the issue.
For PentaSuite-PRO version 8.5.1.221, update to a version that fixes the issue.
For ZipTV for Delphi 7 version 2006.1.26, update to a version that fixes the issue.
For ZipTV for C++ Builder version 2006-1.16, update to a version that fixes the issue.
As a temporary workaround, consider avoiding the use of ARJ archives with long headers until a patch is available.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
C++ Builder
Delphi 7
Pentasuite-Pro
Pentazip
Ziptv For C++ Builder
Ziptv For Delphi 7