CVE-2009-1059
Published 2009-03-24
Priority P3 · 43 · critical · 9.3 CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 4.81% (90.9th percentile)
Stack-based buffer overflow in Trident PowerZip 7.2 might allow remote attackers to execute arbitrary code via a crafted .zip file. NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| powerzip | powerzip | — | — |
No detection rules found.
Bugzilla
CVE-2009-1373 [HIGH] pidgin file transfer buffer overflow
bugzilla·2009-05-12·CVSS 7.1
A buffer overflow flaw was found in the way Pidgin initiates file
transfers. If a Pidgin client initiates a file transfer, and the remote
target sends a malformed response, it triggers a buffer overflow.
Discussion:
This flaw only affects the Jabber protocol.
---
Link to upstream advisory:
http://www.pidgin.im/news/security//?id=29
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 3
Via RHSA-2009:1059 https://rhn.redhat.com/errata/RHSA-2009-1059.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat
Bugzilla
CVE-2009-1376 [MEDIUM] pidgin incomplete fix for CVE-2008-2927
bugzilla·2009-05-12·CVSS 6.8
The integer overflow fix for CVE-2008-2927 was incomplete on 32 bit
platforms. If a Pidgin user can receive a specially crafted MSN message,
it may be possible to execute arbitrary code with the permissions of the
user running Pidgin.
This flaw is only exploitable by individuals who can message a user, which
is controlled by the Pidgin privacy setting. The default setting is to
only allow messages from users in the buddy list.
Discussion:
Link to upstream advisory:
http://www.pidgin.im/news/security//?id=32
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 3
Via RHSA-2009:1059 https://rhn.redhat.com/errata/RHSA-2009-1059.html
---
This issue has been addressed in following products:
Red Hat Ent