CVE-2006-2085

EPSS 4.98%
Veröffentlicht 29.04.2006 10:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in SpeedProject Squeez 5.10 Build 4460, and SpeedCommander 10.52 Build 4450 and 11.01 Build 4450, allow user-assisted remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Speedproject ≫ Speedcommander Version10.52_build4450

Speedproject ≫ Speedcommander Version11.01_build4450

Speedproject ≫ Squeez Version5.10_build_4460

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.98%	0.886

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/19473

Patch

Vendor Advisory

http://secunia.com/secunia_research/2006-23/advisory

Vendor Advisory

http://securityreason.com/securityalert/820

http://securitytracker.com/id?1016002

http://securitytracker.com/id?1016003

http://www.osvdb.org/24990

http://www.securityfocus.com/archive/1/432101/100/0/threaded

http://www.securityfocus.com/bid/17709

http://www.speedproject.de/enu/