CVE - CVE-2005-2856

CVE-ID
CVE-2005-2856	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421, (7) PowerArchiver before 9.61, (8) UltimateZip 2.7,1, 3.0.3, and 3.1b, (9) Where Is It (WhereIsIt) 3.73.501, (10) FilZip 3.04, (11) IZArc 3.5 beta3, (12) Eazel 1.0, (13) Rising Antivirus 18.27.21 and earlier, (14) AutoMate 6.1.0.0, (15) BitZipper 4.1 SR-1, (16) ZipTV, and other products, allows user-assisted attackers to execute arbitrary code via a long filename in an ACE archive.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:14759 URL:http://www.securityfocus.com/bid/14759 BID:19884 URL:http://www.securityfocus.com/bid/19884 BUGTRAQ:20050908 Secunia Research: ALZip ACE Archive Handling Buffer Overflow URL:http://marc.info/?l=bugtraq&m=112621008228458&w=2 BUGTRAQ:20060428 Secunia Research: Servant Salamander unacev2.dll Buffer OverflowVulnerability URL:http://www.securityfocus.com/archive/1/432357/100/0/threaded BUGTRAQ:20060501 Secunia Research: WinHKI unacev2.dll Buffer Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/432579/100/0/threaded BUGTRAQ:20060508 Secunia Research: Anti-Trojan unacev2.dll Buffer OverflowVulnerability URL:http://www.securityfocus.com/archive/1/433258/100/0/threaded BUGTRAQ:20060509 Secunia Research: Where Is It unacev2.dll Buffer OverflowVulnerability URL:http://www.securityfocus.com/archive/1/433352/100/0/threaded BUGTRAQ:20060511 Secunia Research: UltimateZip unacev2.dll Buffer OverflowVulnerability URL:http://www.securityfocus.com/archive/1/433693/100/0/threaded BUGTRAQ:20060515 Secunia Research: FilZip unacev2.dll Buffer Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/434011/100/0/threaded BUGTRAQ:20060517 Secunia Research: Eazel unacev2.dll Buffer Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/434279/100/0/threaded BUGTRAQ:20060517 Secunia Research: IZArc unacev2.dll Buffer Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/434234/100/0/threaded BUGTRAQ:20060609 Secunia Research: AutoMate unacev2.dll Buffer OverflowVulnerability URL:http://www.securityfocus.com/archive/1/436639/100/0/threaded BUGTRAQ:20060717 Secunia Research: BitZipper unacev2.dll Buffer OverflowVulnerability URL:http://www.securityfocus.com/archive/1/440303/100/0/threaded MISC:http://secunia.com/secunia_research/2005-41/advisory/ MISC:http://secunia.com/secunia_research/2006-24/advisory MISC:http://secunia.com/secunia_research/2006-25/advisory MISC:http://secunia.com/secunia_research/2006-27/ MISC:http://secunia.com/secunia_research/2006-28/advisory MISC:http://secunia.com/secunia_research/2006-29/advisory/ MISC:http://secunia.com/secunia_research/2006-30/advisory MISC:http://secunia.com/secunia_research/2006-32/advisory/ MISC:http://secunia.com/secunia_research/2006-33/advisory/ MISC:http://secunia.com/secunia_research/2006-36/advisory MISC:http://secunia.com/secunia_research/2006-38/advisory MISC:http://secunia.com/secunia_research/2006-46/advisory/ MISC:http://secunia.com/secunia_research/2006-50/advisory/ OSVDB:25129 URL:~~http://www.osvdb.org/25129~~ (Obsolete source) SECTRACK:1014863 URL:http://securitytracker.com/id?1014863 SECTRACK:1015852 URL:http://securitytracker.com/id?1015852 SECTRACK:1016011 URL:http://securitytracker.com/id?1016011 SECTRACK:1016012 URL:http://securitytracker.com/id?1016012 SECTRACK:1016065 URL:http://securitytracker.com/id?1016065 SECTRACK:1016066 URL:http://securitytracker.com/id?1016066 SECTRACK:1016088 URL:http://securitytracker.com/id?1016088 SECTRACK:1016114 URL:http://securitytracker.com/id?1016114 SECTRACK:1016115 URL:http://securitytracker.com/id?1016115 SECTRACK:1016177 URL:http://securitytracker.com/id?1016177 SECTRACK:1016257 URL:http://securitytracker.com/id?1016257 SECTRACK:1016512 URL:http://securitytracker.com/id?1016512 SECUNIA:16479 URL:http://secunia.com/advisories/16479 SECUNIA:19454 URL:http://secunia.com/advisories/19454 SECUNIA:19458 URL:http://secunia.com/advisories/19458 SECUNIA:19581 URL:http://secunia.com/advisories/19581 SECUNIA:19596 URL:http://secunia.com/advisories/19596 SECUNIA:19612 URL:http://secunia.com/advisories/19612 SECUNIA:19834 URL:http://secunia.com/advisories/19834 SECUNIA:19890 URL:http://secunia.com/advisories/19890 SECUNIA:19931 URL:http://secunia.com/advisories/19931 SECUNIA:19938 URL:http://secunia.com/advisories/19938 SECUNIA:19939 URL:http://secunia.com/advisories/19939 SECUNIA:19967 URL:http://secunia.com/advisories/19967 SECUNIA:19975 URL:http://secunia.com/advisories/19975 SECUNIA:19977 URL:http://secunia.com/advisories/19977 SECUNIA:20009 URL:http://secunia.com/advisories/20009 SECUNIA:20270 URL:http://secunia.com/advisories/20270 SREASON:49 URL:http://securityreason.com/securityalert/49 VUPEN:ADV-2006-1565 URL:~~http://www.vupen.com/english/advisories/2006/1565~~ (Obsolete source) VUPEN:ADV-2006-1577 URL:~~http://www.vupen.com/english/advisories/2006/1577~~ (Obsolete source) VUPEN:ADV-2006-1611 URL:~~http://www.vupen.com/english/advisories/2006/1611~~ (Obsolete source) VUPEN:ADV-2006-1681 URL:~~http://www.vupen.com/english/advisories/2006/1681~~ (Obsolete source) VUPEN:ADV-2006-1694 URL:~~http://www.vupen.com/english/advisories/2006/1694~~ (Obsolete source) VUPEN:ADV-2006-1725 URL:~~http://www.vupen.com/english/advisories/2006/1725~~ (Obsolete source) VUPEN:ADV-2006-1775 URL:~~http://www.vupen.com/english/advisories/2006/1775~~ (Obsolete source) VUPEN:ADV-2006-1797 URL:~~http://www.vupen.com/english/advisories/2006/1797~~ (Obsolete source) VUPEN:ADV-2006-1835 URL:~~http://www.vupen.com/english/advisories/2006/1835~~ (Obsolete source) VUPEN:ADV-2006-1836 URL:~~http://www.vupen.com/english/advisories/2006/1836~~ (Obsolete source) VUPEN:ADV-2006-2047 URL:~~http://www.vupen.com/english/advisories/2006/2047~~ (Obsolete source) VUPEN:ADV-2006-2184 URL:~~http://www.vupen.com/english/advisories/2006/2184~~ (Obsolete source) VUPEN:ADV-2006-2824 URL:~~http://www.vupen.com/english/advisories/2006/2824~~ (Obsolete source) VUPEN:ADV-2006-3495 URL:~~http://www.vupen.com/english/advisories/2006/3495~~ (Obsolete source) XF:antitrojan-unacev2-bo(26302) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26302 XF:automate-unacev2-bo(26982) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26982 XF:bitzipper-unacev2-bo(27763) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/27763 XF:eazel-ztvunacev2-bo(26479) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26479 XF:extractnow-unacev2-ace-bo(26168) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26168 XF:filzip-unacev2-bo(26447) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26447 XF:izarc-unacev2-bo(26480) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26480 XF:powerarchiver-unacev2-ace-bo(26272) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26272 XF:risingantivirus-unacev2-bo(26736) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26736 XF:servant-salamander-unacev2-bo(26116) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26116 XF:tziptv-unacev2-bo(28787) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/28787 XF:ultimatezip-unacev2-bo(26385) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26385 XF:whereisit-unacev2-bo(26315) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26315 XF:winhki-unacev2-bo(26142) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26142
Assigning CNA
MITRE Corporation
Date Record Created
20050908	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050908)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)