CVE - CVE-2005-2856

CVE-ID
CVE-2005-2856	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421, (7) PowerArchiver before 9.61, (8) UltimateZip 2.7,1, 3.0.3, and 3.1b, (9) Where Is It (WhereIsIt) 3.73.501, (10) FilZip 3.04, (11) IZArc 3.5 beta3, (12) Eazel 1.0, (13) Rising Antivirus 18.27.21 and earlier, (14) AutoMate 6.1.0.0, (15) BitZipper 4.1 SR-1, (16) ZipTV, and other products, allows user-assisted attackers to execute arbitrary code via a long filename in an ACE archive.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20050908 Secunia Research: ALZip ACE Archive Handling Buffer Overflow URL:http://marc.info/?l=bugtraq&m=112621008228458&w=2 BUGTRAQ:20060428 Secunia Research: Servant Salamander unacev2.dll Buffer OverflowVulnerability URL:http://www.securityfocus.com/archive/1/432357/100/0/threaded BUGTRAQ:20060501 Secunia Research: WinHKI unacev2.dll Buffer Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/432579/100/0/threaded BUGTRAQ:20060508 Secunia Research: Anti-Trojan unacev2.dll Buffer OverflowVulnerability URL:http://www.securityfocus.com/archive/1/433258/100/0/threaded BUGTRAQ:20060511 Secunia Research: UltimateZip unacev2.dll Buffer OverflowVulnerability URL:http://www.securityfocus.com/archive/1/433693/100/0/threaded BUGTRAQ:20060509 Secunia Research: Where Is It unacev2.dll Buffer OverflowVulnerability URL:http://www.securityfocus.com/archive/1/433352/100/0/threaded BUGTRAQ:20060515 Secunia Research: FilZip unacev2.dll Buffer Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/434011/100/0/threaded BUGTRAQ:20060517 Secunia Research: IZArc unacev2.dll Buffer Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/434234/100/0/threaded BUGTRAQ:20060517 Secunia Research: Eazel unacev2.dll Buffer Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/434279/100/0/threaded BUGTRAQ:20060609 Secunia Research: AutoMate unacev2.dll Buffer OverflowVulnerability URL:http://www.securityfocus.com/archive/1/436639/100/0/threaded BUGTRAQ:20060717 Secunia Research: BitZipper unacev2.dll Buffer OverflowVulnerability URL:http://www.securityfocus.com/archive/1/440303/100/0/threaded MISC:http://secunia.com/secunia_research/2005-41/advisory/ MISC:http://secunia.com/secunia_research/2006-24/advisory MISC:http://secunia.com/secunia_research/2006-25/advisory MISC:http://secunia.com/secunia_research/2006-27/ MISC:http://secunia.com/secunia_research/2006-28/advisory MISC:http://secunia.com/secunia_research/2006-29/advisory/ MISC:http://secunia.com/secunia_research/2006-30/advisory MISC:http://secunia.com/secunia_research/2006-32/advisory/ MISC:http://secunia.com/secunia_research/2006-33/advisory/ MISC:http://secunia.com/secunia_research/2006-36/advisory MISC:http://secunia.com/secunia_research/2006-38/advisory MISC:http://secunia.com/secunia_research/2006-46/advisory/ MISC:http://secunia.com/secunia_research/2006-50/advisory/ BID:14759 URL:http://www.securityfocus.com/bid/14759 BID:19884 URL:http://www.securityfocus.com/bid/19884 VUPEN:ADV-2006-1565 URL:http://www.vupen.com/english/advisories/2006/1565 VUPEN:ADV-2006-1577 URL:http://www.vupen.com/english/advisories/2006/1577 VUPEN:ADV-2006-1611 URL:http://www.vupen.com/english/advisories/2006/1611 VUPEN:ADV-2006-1694 URL:http://www.vupen.com/english/advisories/2006/1694 VUPEN:ADV-2006-1681 URL:http://www.vupen.com/english/advisories/2006/1681 VUPEN:ADV-2006-1725 URL:http://www.vupen.com/english/advisories/2006/1725 VUPEN:ADV-2006-1797 URL:http://www.vupen.com/english/advisories/2006/1797 VUPEN:ADV-2006-1775 URL:http://www.vupen.com/english/advisories/2006/1775 VUPEN:ADV-2006-1835 URL:http://www.vupen.com/english/advisories/2006/1835 VUPEN:ADV-2006-1836 URL:http://www.vupen.com/english/advisories/2006/1836 VUPEN:ADV-2006-2047 URL:http://www.vupen.com/english/advisories/2006/2047 VUPEN:ADV-2006-2184 URL:http://www.vupen.com/english/advisories/2006/2184 VUPEN:ADV-2006-2824 URL:http://www.vupen.com/english/advisories/2006/2824 VUPEN:ADV-2006-3495 URL:http://www.vupen.com/english/advisories/2006/3495 OSVDB:25129 URL:http://www.osvdb.org/25129 SECTRACK:1016011 URL:http://securitytracker.com/id?1016011 SECTRACK:1016012 URL:http://securitytracker.com/id?1016012 SECTRACK:1015852 URL:http://securitytracker.com/id?1015852 SECTRACK:1014863 URL:http://securitytracker.com/id?1014863 SECTRACK:1016065 URL:http://securitytracker.com/id?1016065 SECTRACK:1016066 URL:http://securitytracker.com/id?1016066 SECTRACK:1016088 URL:http://securitytracker.com/id?1016088 SECTRACK:1016114 URL:http://securitytracker.com/id?1016114 SECTRACK:1016115 URL:http://securitytracker.com/id?1016115 SECTRACK:1016177 URL:http://securitytracker.com/id?1016177 SECTRACK:1016257 URL:http://securitytracker.com/id?1016257 SECTRACK:1016512 URL:http://securitytracker.com/id?1016512 SECUNIA:16479 URL:http://secunia.com/advisories/16479 SECUNIA:19454 URL:http://secunia.com/advisories/19454 SECUNIA:19458 URL:http://secunia.com/advisories/19458 SECUNIA:19581 URL:http://secunia.com/advisories/19581 SECUNIA:19612 URL:http://secunia.com/advisories/19612 SECUNIA:19975 URL:http://secunia.com/advisories/19975 SECUNIA:19977 URL:http://secunia.com/advisories/19977 SECUNIA:19596 URL:http://secunia.com/advisories/19596 SECUNIA:19834 URL:http://secunia.com/advisories/19834 SECUNIA:19931 URL:http://secunia.com/advisories/19931 SECUNIA:19938 URL:http://secunia.com/advisories/19938 SECUNIA:19967 URL:http://secunia.com/advisories/19967 SECUNIA:20009 URL:http://secunia.com/advisories/20009 SECUNIA:19890 URL:http://secunia.com/advisories/19890 SECUNIA:19939 URL:http://secunia.com/advisories/19939 SECUNIA:20270 URL:http://secunia.com/advisories/20270 SREASON:49 URL:http://securityreason.com/securityalert/49 XF:eazel-ztvunacev2-bo(26479) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26479 XF:izarc-unacev2-bo(26480) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26480 XF:filzip-unacev2-bo(26447) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26447 XF:bitzipper-unacev2-bo(27763) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/27763 XF:extractnow-unacev2-ace-bo(26168) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26168 XF:ultimatezip-unacev2-bo(26385) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26385 XF:whereisit-unacev2-bo(26315) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26315 XF:winhki-unacev2-bo(26142) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26142 XF:antitrojan-unacev2-bo(26302) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26302 XF:automate-unacev2-bo(26982) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26982 XF:powerarchiver-unacev2-ace-bo(26272) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26272 XF:risingantivirus-unacev2-bo(26736) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26736 XF:servant-salamander-unacev2-bo(26116) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26116 XF:tziptv-unacev2-bo(28787) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/28787
Assigning CNA
N/A
Date Entry Created
20050908	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050908)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org