Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2005-2856

Disclosure Date: September 08, 2005 •

Description

Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421, (7) PowerArchiver before 9.61, (8) UltimateZip 2.7,1, 3.0.3, and 3.1b, (9) Where Is It (WhereIsIt) 3.73.501, (10) FilZip 3.04, (11) IZArc 3.5 beta3, (12) Eazel 1.0, (13) Rising Antivirus 18.27.21 and earlier, (14) AutoMate 6.1.0.0, (15) BitZipper 4.1 SR-1, (16) ZipTV, and other products, allows user-assisted attackers to execute arbitrary code via a long filename in an ACE archive.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

winace

Products

winace 2.6.0.0

Weaknesses

CWE-119

References

Canonical

CVE-2005-2856 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2856)

BID-19884 (http://www.securityfocus.com/bid/19884)

BID-14759 (http://www.securityfocus.com/bid/14759)

Advisory

XF-automate-unacev2-bo(26982) (https://exchange.xforce.ibmcloud.com/vulnerabilities/26982)

SECTRACK-1016512 (http://securitytracker.com/id?1016512)

ADV-2006-2824 (http://www.vupen.com/english/advisories/2006/2824)

SREASON-49 (http://securityreason.com/securityalert/49)

XF-eazel-ztvunacev2-bo(26479) (https://exchange.xforce.ibmcloud.com/vulnerabilities/26479)

ADV-2006-1797 (http://www.vupen.com/english/advisories/2006/1797)

20060517 Secunia Research: Eazel unacev2.dll Buffer Overflow Vulnerability (http://www.securityfocus.com/archive/1/434279/100/0/threaded)

SECTRACK-1014863 (http://securitytracker.com/id?1014863)

SECTRACK-1016011 (http://securitytracker.com/id?1016011)

SECTRACK-1016115 (http://securitytracker.com/id?1016115)

SECUNIA-19939 (http://secunia.com/advisories/19939)

SECTRACK-1016065 (http://securitytracker.com/id?1016065)

ADV-2006-1835 (http://www.vupen.com/english/advisories/2006/1835)

SECTRACK-1016088 (http://securitytracker.com/id?1016088)

ADV-2006-3495 (http://www.vupen.com/english/advisories/2006/3495)

SECUNIA-19967 (http://secunia.com/advisories/19967)

SECTRACK-1016177 (http://securitytracker.com/id?1016177)

SECTRACK-1016114 (http://securitytracker.com/id?1016114)

XF-powerarchiver-unacev2-ace-bo(26272) (https://exchange.xforce.ibmcloud.com/vulnerabilities/26272)

20060501 Secunia Research: WinHKI unacev2.dll Buffer Overflow Vulnerability (http://www.securityfocus.com/archive/1/432579/100/0/threaded)

SECUNIA-19931 (http://secunia.com/advisories/19931)

XF-filzip-unacev2-bo(26447) (https://exchange.xforce.ibmcloud.com/vulnerabilities/26447)

SECUNIA-19975 (http://secunia.com/advisories/19975)

ADV-2006-1775 (http://www.vupen.com/english/advisories/2006/1775)

SECUNIA-16479 (http://secunia.com/advisories/16479)

XF-ultimatezip-unacev2-bo(26385) (https://exchange.xforce.ibmcloud.com/vulnerabilities/26385)

XF-servant-salamander-unacev2-bo(26116) (https://exchange.xforce.ibmcloud.com/vulnerabilities/26116)

20060609 Secunia Research: AutoMate unacev2.dll Buffer OverflowVulnerability (http://www.securityfocus.com/archive/1/436639/100/0/threaded)

ADV-2006-1611 (http://www.vupen.com/english/advisories/2006/1611)

ADV-2006-1681 (http://www.vupen.com/english/advisories/2006/1681)

20060511 Secunia Research: UltimateZip unacev2.dll Buffer OverflowVulnerability (http://www.securityfocus.com/archive/1/433693/100/0/threaded)

ADV-2006-2184 (http://www.vupen.com/english/advisories/2006/2184)

ADV-2006-1577 (http://www.vupen.com/english/advisories/2006/1577)

20060517 Secunia Research: IZArc unacev2.dll Buffer Overflow Vulnerability (http://www.securityfocus.com/archive/1/434234/100/0/threaded)

SECUNIA-19938 (http://secunia.com/advisories/19938)

SECUNIA-19581 (http://secunia.com/advisories/19581)

XF-antitrojan-unacev2-bo(26302) (https://exchange.xforce.ibmcloud.com/vulnerabilities/26302)

ADV-2006-1694 (http://www.vupen.com/english/advisories/2006/1694)

SECUNIA-20270 (http://secunia.com/advisories/20270)

SECUNIA-19890 (http://secunia.com/advisories/19890)

SECUNIA-19977 (http://secunia.com/advisories/19977)

XF-winhki-unacev2-bo(26142) (https://exchange.xforce.ibmcloud.com/vulnerabilities/26142)

SECUNIA-19596 (http://secunia.com/advisories/19596)

SECTRACK-1016066 (http://securitytracker.com/id?1016066)

20060717 Secunia Research: BitZipper unacev2.dll Buffer OverflowVulnerability (http://www.securityfocus.com/archive/1/440303/100/0/threaded)

SECUNIA-19458 (http://secunia.com/advisories/19458)

SECTRACK-1016012 (http://securitytracker.com/id?1016012)

XF-risingantivirus-unacev2-bo(26736) (https://exchange.xforce.ibmcloud.com/vulnerabilities/26736)

SECUNIA-19454 (http://secunia.com/advisories/19454)

20060508 Secunia Research: Anti-Trojan unacev2.dll Buffer OverflowVulnerability (http://www.securityfocus.com/archive/1/433258/100/0/threaded)

XF-whereisit-unacev2-bo(26315) (https://exchange.xforce.ibmcloud.com/vulnerabilities/26315)

20060428 Secunia Research: Servant Salamander unacev2.dll Buffer OverflowVulnerability (http://www.securityfocus.com/archive/1/432357/100/0/threaded)

OSVDB-25129 (http://www.osvdb.org/25129)

XF-bitzipper-unacev2-bo(27763) (https://exchange.xforce.ibmcloud.com/vulnerabilities/27763)

SECUNIA-19834 (http://secunia.com/advisories/19834)

20060515 Secunia Research: FilZip unacev2.dll Buffer Overflow Vulnerability (http://www.securityfocus.com/archive/1/434011/100/0/threaded)

XF-tziptv-unacev2-bo(28787) (https://exchange.xforce.ibmcloud.com/vulnerabilities/28787)

20060509 Secunia Research: Where Is It unacev2.dll Buffer OverflowVulnerability (http://www.securityfocus.com/archive/1/433352/100/0/threaded)

SECUNIA-20009 (http://secunia.com/advisories/20009)

XF-izarc-unacev2-bo(26480) (https://exchange.xforce.ibmcloud.com/vulnerabilities/26480)

ADV-2006-2047 (http://www.vupen.com/english/advisories/2006/2047)

XF-extractnow-unacev2-ace-bo(26168) (https://exchange.xforce.ibmcloud.com/vulnerabilities/26168)

ADV-2006-1836 (http://www.vupen.com/english/advisories/2006/1836)

SECTRACK-1016257 (http://securitytracker.com/id?1016257)

SECUNIA-19612 (http://secunia.com/advisories/19612)

ADV-2006-1565 (http://www.vupen.com/english/advisories/2006/1565)

ADV-2006-1725 (http://www.vupen.com/english/advisories/2006/1725)

SECTRACK-1015852 (http://securitytracker.com/id?1015852)

20050908 Secunia Research: ALZip ACE Archive Handling Buffer Overflow (http://marc.info?l=bugtraq&m=112621008228458&w=2)

Miscellaneous

http://secunia.com/secunia_research/2006-24/advisory

http://secunia.com/secunia_research/2006-46/advisory

http://secunia.com/secunia_research/2006-27

http://secunia.com/secunia_research/2006-50/advisory

http://secunia.com/secunia_research/2006-36/advisory

http://secunia.com/secunia_research/2006-28/advisory

http://secunia.com/secunia_research/2006-33/advisory

http://secunia.com/secunia_research/2006-29/advisory

http://secunia.com/secunia_research/2006-38/advisory

http://secunia.com/secunia_research/2005-41/advisory

http://secunia.com/secunia_research/2006-25/advisory

http://secunia.com/secunia_research/2006-32/advisory

http://secunia.com/secunia_research/2006-30/advisory

Rapid7

Technical Analysis