7.5

CVE-2006-2909

Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PicozipPicozip Version4.01
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.87% 0.945
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/20481
Patch
Vendor Advisory
http://secunia.com/secunia_research/2006-42/advisory/
Patch
Vendor Advisory
http://securityreason.com/securityalert/1104
http://securitytracker.com/id?1016308
http://www.osvdb.org/26447
http://www.picozip.com/changelog.html
http://www.securityfocus.com/archive/1/437103/100/0/threaded
http://www.securityfocus.com/archive/1/437450/100/100/threaded
http://www.securityfocus.com/bid/18425
Patch
http://www.vupen.com/english/advisories/2006/2330
https://exchange.xforce.ibmcloud.com/vulnerabilities/27096