CVE-2005-2384Path Traversal in Avast Antivirus

3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
2.5%
top 14.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Alwil Avast Antivirus
Timeline
PublishedJul 27
Latest updateMay 1

Description

Directory traversal vulnerability in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to write arbitrary files via an ACE archive containing filenames with (1) .. or (2) absolute pathnames.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDalwil/avast_antivirus4.6.460, 4.6.665+1

Patches

Patch: secunia.comPatch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-v34h-4v23-vppf: Directory traversal vulnerability in a third-party compression library (UNACEV22022-05-01
CVEList
CVE-2005-2384: Directory traversal vulnerability in a third-party compression library (UNACEV22005-07-27
CVE-2005-2384 — Path Traversal in Alwil Avast Antivirus | cvebase