Vulnerability CVE-2005-3832
Published: 2005-11-26   Modified: 2012-02-12

Description:
Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, as used in SpeedProject products including (a) Squeez 5.0 Build 4285, and (b) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
SpeedProject Products ZIP/UUE File ExtractionBuffer Overflow
Tan Chew Keong
25.11.2005

Type:

CWE-119

 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.1/10
6.4/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Speedproject -> Speedcommander 
Speedproject -> Squeez 

 References:
http://securityreason.com/securityalert/204
http://securitytracker.com/id?1015265
http://securitytracker.com/id?1015266
http://securitytracker.com/id?1015267
http://www.securityfocus.com/archive/1/417588/30/0/threaded
http://www.vupen.com/english/advisories/2005/2570
Copyright 2024, cxsecurity.com

 

Back to Top