CVE-2005-2856
Published: 2005-09-08
Priority: P348 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 15.68% (96.4th percentile)
Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421, (7) PowerArchiver before 9.61, (8) UltimateZip 2.7,1, 3.0.3, and 3.1b, (9) Where Is It (WhereIsIt) 3.73.501, (10) FilZip 3.04, (11) IZArc 3.5 beta3, (12) Eazel 1.0, (13) Rising Antivirus 18.27.21 and earlier, (14) AutoMate 6.1.0.0, (15) BitZipper 4.1 SR-1, (16) ZipTV, and other products, allows user-assisted attackers to execute arbitrary code via a long filename in an ACE archive.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microchip_data_systems | ziptv_for_c_+_+_builder | — | — |
| microchip_data_systems | ziptv_for_delphi_7 | — | — |
| pentaware | pentasuite-pro | — | — |
| pentaware | pentazip | — | — |
| winace | winace | — | — |
GHSA
GHSA-56w5-hc48-h3wh: Stack-based buffer overflow in the WinACE UNACEV2
ghsa_unreviewed·2022-05-01
CVE-2005-2856 [HIGH] CWE-119 GHSA-56w5-hc48-h3wh: Stack-based buffer overflow in the WinACE UNACEV2
GHSA
GHSA-xc3g-ww4p-pfpj: Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-2482 [HIGH] CWE-119 GHSA-xc3g-ww4p-pfpj: Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006
Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16, (2) PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221, and possibly other products, allows user-assisted attackers to execute arbitrary code via an ARJ archive with a long header. NOTE: the ACE archive vector is covered by CVE-2005-2856.
No detection rules found.
No writeups or analysis indexed.