PT-2006-5347
Michael Hale Ligh · Published 2006-09-06 · Updated 2024-02-14 · CVE-2006-4554
CVSS v2.0: 5.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
BeCubed Compression Plus versions prior to 5.0.1.28
Tumbleweed EMF versions prior to 5.0.1.28
VCOM/Ontrack PowerDesk Pro versions prior to 5.0.1.28
Canyon Drag and Zip versions prior to 5.0.1.28
Canyon Power File versions prior to 5.0.1.28
Canyon Power File Gold versions prior to 5.0.1.28
Description
A stack-based buffer overflow exists in the ReadFile function of the ZOO-processing exports. Context-dependent attackers can execute arbitrary code via an inconsistent size parameter in a ZOO file header.
Recommendations
For BeCubed Compression Plus versions prior to 5.0.1.28, update to version 5.0.1.28 or later.
For Tumbleweed EMF versions prior to 5.0.1.28, update to version 5.0.1.28 or later.
For VCOM/Ontrack PowerDesk Pro versions prior to 5.0.1.28, update to version 5.0.1.28 or later.
For Canyon Drag and Zip versions prior to 5.0.1.28, update to version 5.0.1.28 or later.
For Canyon Power File versions prior to 5.0.1.28, update to version 5.0.1.28 or later.
For Canyon Power File Gold versions prior to 5.0.1.28, update to version 5.0.1.28 or later.
Affected Products
BeCubed Compression Plus
Canyon Drag/Zip
Canyon Power File
Canyon Power File Gold
Tumbleweed EMF
VCOM/Ontrack PowerDesk Pro