Vulnerabilites related to picozip - picozip
Vulnerability from fkie_nvd
Published
2006-06-16 10:02
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:picozip:picozip:4.01:*:*:*:*:*:*:*",
"matchCriteriaId": "1232483B-6B8E-41F6-AFFA-BA62E70CC453",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la extensi\u00f3n (zipinfo.dll) en PicoZip v4.01 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un nombre de archivo largo en un archivo (1) ACE, (2) RAR, o (3) ZIP, lo que se activa cuando el usuario mueve el puntero del rat\u00f3n sobre el archivo."
}
],
"id": "CVE-2006-2909",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-16T10:02:00.000",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20481"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2006-42/advisory/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://securityreason.com/securityalert/1104"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://securitytracker.com/id?1016308"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.osvdb.org/26447"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.picozip.com/changelog.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/437103/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/437450/100/100/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18425"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2006/2330"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2006-42/advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/26447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.picozip.com/changelog.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/437103/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/437450/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18425"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27096"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-04-18 03:19
Modified
2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:picozip:picozip:4.02:*:*:*:*:*:*:*",
"matchCriteriaId": "411955D9-694C-48A7-A6AB-B664D593FC1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en PicoZip 4.02 permite a atacantes remotos con la complicidad del usuario sobrescribir ficheros de su elecci\u00f3n mediante secuencias .. (punto punto) en la ruta de ficheros del tipo (1) GZ, (2) TAR, (3) RAR, (4) JAR, o (5) ZIP."
}
],
"id": "CVE-2007-2058",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-04-18T03:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24868"
},
{
"source": "cve@mitre.org",
"url": "http://www.bugtraq.ir/articles/advisory/picozip_directory_traversal/9"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23471"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1377"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.bugtraq.ir/articles/advisory/picozip_directory_traversal/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33639"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-05-09 01:19
Modified
2025-04-09 00:30
Severity ?
Summary
PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:picozip:picozip:4.01:*:*:*:*:*:*:*",
"matchCriteriaId": "1232483B-6B8E-41F6-AFFA-BA62E70CC453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:picozip:picozip:4.02:*:*:*:*:*:*:*",
"matchCriteriaId": "411955D9-694C-48A7-A6AB-B664D593FC1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
},
{
"lang": "es",
"value": "PicoZip permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito) mediante un archivo ZOO con una estructura de entrada de directorio (direntry structure) que apunta a un fichero anterior."
}
],
"id": "CVE-2007-2536",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-05-09T01:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/41751"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2680"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/23823"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/41751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/23823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-05-09 01:19
Modified
2025-04-09 00:30
Severity ?
Summary
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amavis:amavis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64AF6FAE-B025-4F70-9F52-C7C12C6F705D",
"versionEndIncluding": "2.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC3BF13-2946-411E-93A5-0C3AF0508C60",
"versionEndIncluding": "4.7.980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus:4.6.394:*:*:*:*:*:*:*",
"matchCriteriaId": "8683D747-C092-4841-AABF-280D7EB771F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus:4.7.652:*:*:*:*:*:*:*",
"matchCriteriaId": "D393356E-0464-41B6-9D56-2DCFC6900244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus:4.7.700:*:*:*:*:*:*:*",
"matchCriteriaId": "0ED7C89E-E28B-4BE9-952D-86A8D089B41D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1519A450-8F71-408A-81B8-AA6F337E7A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48872452-2B26-44C4-A9FF-0D9D23AAC95A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.6.652:*:*:*:*:*:*:*",
"matchCriteriaId": "275D7948-61FB-4415-A9EB-59EEF9757149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.6.655:*:*:*:*:*:*:*",
"matchCriteriaId": "5CCC4081-D877-4DE3-9342-59BCE7C41CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.6.665:*:*:*:*:*:*:*",
"matchCriteriaId": "B189DFCB-2307-43B4-8102-BA725CEE0711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.6.691:*:*:*:*:*:*:*",
"matchCriteriaId": "3C733E69-33B3-465B-B146-A68C26373E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.827:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF16A3D-BC29-4426-BDF5-F1C6E85228B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.827:*:windows:*:*:*:*:*",
"matchCriteriaId": "33A71A2C-36AC-4F36-9D94-AA824F4DE14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.844:*:*:*:*:*:*:*",
"matchCriteriaId": "E02983BB-F027-4967-A230-933299D2D061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.844:*:windows:*:*:*:*:*",
"matchCriteriaId": "62618C12-3EAC-4434-B2A8-D83612F1A05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.869:*:*:*:*:*:*:*",
"matchCriteriaId": "238FB2B1-41CF-46DB-8ED7-7F2B6609C27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.869:*:windows:*:*:*:*:*",
"matchCriteriaId": "B949535B-9771-4AC6-BBDB-8BB3A789A1FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.1043:*:*:*:*:*:*:*",
"matchCriteriaId": "97FEA351-FFF6-4452-9A2B-A7AAF4D7EE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.1043:*:windows:*:*:*:*:*",
"matchCriteriaId": "DC6DA89A-BF71-4031-9B51-E5941FDE5E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.1098:*:*:*:*:*:*:*",
"matchCriteriaId": "18837F1C-8ECD-4202-9489-08D63FB28CDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_home:4.7.1098:*:windows:*:*:*:*:*",
"matchCriteriaId": "DB201D49-EB74-4A5D-B641-86C4429E3EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "231DDF5E-5026-4844-8374-45F0926F8C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8822D55C-FEE7-41B5-A8D5-8D9F514CF815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.6.603:*:*:*:*:*:*:*",
"matchCriteriaId": "B89C0CA4-00DE-4CAD-B554-36C46815A919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.6.652:*:*:*:*:*:*:*",
"matchCriteriaId": "A618B922-80E7-4769-90BA-5FE231DA6B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.6.665:*:*:*:*:*:*:*",
"matchCriteriaId": "40F19B83-BAD9-4CDC-95C5-6D352F223AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.6.691:*:*:*:*:*:*:*",
"matchCriteriaId": "762B6C23-5ADD-4221-8146-DF9CE95637BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.827:*:*:*:*:*:*:*",
"matchCriteriaId": "2F3B1651-DC3E-43B8-A5A4-8BEF7D668EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.827:*:windows:*:*:*:*:*",
"matchCriteriaId": "DF2D8C10-01E4-43D7-93EE-342BA7E9C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.844:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0980CA-26A4-468E-82F3-E03953250343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.844:*:windows:*:*:*:*:*",
"matchCriteriaId": "AAB7888A-E884-4C73-AF10-698C56E080F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.869:*:*:*:*:*:*:*",
"matchCriteriaId": "FF5B2325-D8EE-4D1E-8291-740726FC1EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.1043:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0EF168-1F0D-4772-8922-0A75CAF28661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.1043:*:windows:*:*:*:*:*",
"matchCriteriaId": "1F7F2957-4422-4891-B573-F68882D7C8E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avast:avast_antivirus_professional:4.7.1098:*:*:*:*:*:*:*",
"matchCriteriaId": "5CAED694-2497-488B-A2AB-0781501678F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDD00670-7EC0-4AA4-98EF-C8AE38330284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir:6.35.00.00:*:*:*:*:*:*:*",
"matchCriteriaId": "C23C179C-B50E-4F47-BFFA-85848131C99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir:7.04.00.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5C813AD8-5D73-41DF-B710-3CEB20FB9EF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir_personal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B38A75AF-D8B4-4B54-87E9-6EED562CAAC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir_personal:*:*:classic:*:*:*:*:*",
"matchCriteriaId": "5DB520B5-36E8-4F4B-99FF-0FF3F708CC8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir_personal:*:*:premium:*:*:*:*:*",
"matchCriteriaId": "BECD1C6B-EC0F-4203-BA12-F8B02472FF4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir_personal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD267D52-D580-4460-AFF9-E5BA478A98FA",
"versionEndIncluding": "7.3.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir_personal:7:*:*:*:*:*:*:*",
"matchCriteriaId": "64D94528-A54F-439B-8584-57A82CDF7318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir_personal:7:*:classic:*:*:*:*:*",
"matchCriteriaId": "DB66A5A4-6758-438D-9155-7475A5406DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_antivirus:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F9AF4F-E974-4D6F-AF51-0DA7A59E64FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:panda:panda_antivirus_and_firewall:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "C4DBEED1-0648-45F3-AFC2-91C872A1B098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:picozip:picozip:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AD36471-D8DC-4B11-B53B-264AB1560063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rahul_dhesi:zoo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79845C9F-7884-4F77-B492-4A944D3DCCEA",
"versionEndIncluding": "2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:unzoo:unzoo:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B93C2E82-03E5-42CE-A589-B82FBCBE7D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:winace:winace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF7B6EE8-25D5-4C89-A0B8-A069D330A9D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D03D666-D234-4626-82F9-EC5726BE1920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_100:*:*:*:*:*:*:*",
"matchCriteriaId": "D0BEEFB2-C6ED-43D5-B535-623931C38890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_200:*:*:*:*:*:*:*",
"matchCriteriaId": "C2ECF7F8-A29F-4868-9DE5-4227E5DA2285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_300:*:*:*:*:*:*:*",
"matchCriteriaId": "6A897043-9003-4F27-8C7D-AE6B2BD0389C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_400:*:*:*:*:*:*:*",
"matchCriteriaId": "1F05FEF8-6B34-4874-AD6B-A053415BD939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_500:*:*:*:*:*:*:*",
"matchCriteriaId": "D28FAD61-3723-4CCC-B890-C5869E7AC3EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_600:*:*:*:*:*:*:*",
"matchCriteriaId": "7697AAC2-EC8A-496E-9336-29AAE61CD69E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_800:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA47F3A-44BA-4011-8A44-1AE54D02E772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_900:*:*:*:*:*:*:*",
"matchCriteriaId": "423620AD-EA6A-4730-B97A-DF67247372BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
},
{
"lang": "es",
"value": "El archivo unzoo.c, tal como se utiliza en varios productos, incluyendo AMaViS versi\u00f3n 2.4.1 y anteriores, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito) por medio de un archivo ZOO con una estructura direntry que apunta hacia un archivo anterior."
}
],
"evaluatorSolution": "http://xforce.iss.net/xforce/xfdb/34080\r\n\r\n\r\nFor Barracuda Spam Firewall:\r\nUpgrade to the latest virus definition version of Barracuda Spam Firewall (virusdef 2.0.6399 for 3.4 and after or virusdef 2.0.6399o for prior to 3.4), available from the automatic update.\r\n\r\nFor Panda Software Antivirus:\r\nUpgrade to the latest version of Panda Software Antivirus (4/2/2007 or later), available from the automatic update feature.\r\n\r\nFor avast! antivirus:\r\nUpgrade to the latest version of Panda Software Antivirus (4.7.981 or later), available from the avast! antivirus Web site. See references.\r\n\r\nFor Avira AntiVir:\r\nUpgrade to the latest version of Avira AntiVir (avpack32.dll version 7.3.0.6 or later), available from the automatic update feature.\r\n\r\nFor AMaViS:\r\nRefer to ASA-2007-2 for patch, upgrade, or suggested workaround information. See References.",
"id": "CVE-2007-1673",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-05-09T01:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36208"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25315"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2680"
},
{
"source": "cve@mitre.org",
"url": "http://www.amavis.org/security/asa-2007-2.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/23823"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25315"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.amavis.org/security/asa-2007-2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/23823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2007-1673 (GCVE-0-2007-1673)
Vulnerability from cvelistv5
Published
2007-05-09 01:00
Modified
2024-08-07 13:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:25.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.amavis.org/security/asa-2007-2.txt"
},
{
"name": "multiple-vendor-zoo-dos(34080)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"name": "36208",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36208"
},
{
"name": "23823",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23823"
},
{
"name": "25315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25315"
},
{
"name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"name": "2680",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2680"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.amavis.org/security/asa-2007-2.txt"
},
{
"name": "multiple-vendor-zoo-dos(34080)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"name": "36208",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36208"
},
{
"name": "23823",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23823"
},
{
"name": "25315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25315"
},
{
"name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"name": "2680",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2680"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.amavis.org/security/asa-2007-2.txt",
"refsource": "CONFIRM",
"url": "http://www.amavis.org/security/asa-2007-2.txt"
},
{
"name": "multiple-vendor-zoo-dos(34080)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"name": "36208",
"refsource": "OSVDB",
"url": "http://osvdb.org/36208"
},
{
"name": "23823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23823"
},
{
"name": "25315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25315"
},
{
"name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"name": "2680",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2680"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1673",
"datePublished": "2007-05-09T01:00:00",
"dateReserved": "2007-03-24T00:00:00",
"dateUpdated": "2024-08-07T13:06:25.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2536 (GCVE-0-2007-2536)
Vulnerability from cvelistv5
Published
2007-05-09 01:00
Modified
2024-08-07 13:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "multiple-vendor-zoo-dos(34080)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"name": "41751",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/41751"
},
{
"name": "23823",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23823"
},
{
"name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"name": "2680",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2680"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "multiple-vendor-zoo-dos(34080)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"name": "41751",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/41751"
},
{
"name": "23823",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23823"
},
{
"name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"name": "2680",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2680"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "multiple-vendor-zoo-dos(34080)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"name": "41751",
"refsource": "OSVDB",
"url": "http://osvdb.org/41751"
},
{
"name": "23823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23823"
},
{
"name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"name": "2680",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2680"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2536",
"datePublished": "2007-05-09T01:00:00",
"dateReserved": "2007-05-08T00:00:00",
"dateUpdated": "2024-08-07T13:42:33.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2909 (GCVE-0-2006-2909)
Vulnerability from cvelistv5
Published
2006-06-16 10:00
Modified
2024-08-07 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:27.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26447",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26447"
},
{
"name": "1104",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1104"
},
{
"name": "18425",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18425"
},
{
"name": "20481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20481"
},
{
"name": "20060616 Re: Secunia Research: PicoZip \"zipinfo.dll\" Multiple Archives BufferOverflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/437450/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2006-42/advisory/"
},
{
"name": "ADV-2006-2330",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2330"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.picozip.com/changelog.html"
},
{
"name": "20060614 Secunia Research: PicoZip \"zipinfo.dll\" Multiple Archives BufferOverflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/437103/100/0/threaded"
},
{
"name": "1016308",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016308"
},
{
"name": "picozip-zipinfo-bo(27096)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27096"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "26447",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26447"
},
{
"name": "1104",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1104"
},
{
"name": "18425",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18425"
},
{
"name": "20481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20481"
},
{
"name": "20060616 Re: Secunia Research: PicoZip \"zipinfo.dll\" Multiple Archives BufferOverflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/437450/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2006-42/advisory/"
},
{
"name": "ADV-2006-2330",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2330"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.picozip.com/changelog.html"
},
{
"name": "20060614 Secunia Research: PicoZip \"zipinfo.dll\" Multiple Archives BufferOverflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/437103/100/0/threaded"
},
{
"name": "1016308",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016308"
},
{
"name": "picozip-zipinfo-bo(27096)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27096"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2006-2909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26447",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26447"
},
{
"name": "1104",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1104"
},
{
"name": "18425",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18425"
},
{
"name": "20481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20481"
},
{
"name": "20060616 Re: Secunia Research: PicoZip \"zipinfo.dll\" Multiple Archives BufferOverflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437450/100/100/threaded"
},
{
"name": "http://secunia.com/secunia_research/2006-42/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-42/advisory/"
},
{
"name": "ADV-2006-2330",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2330"
},
{
"name": "http://www.picozip.com/changelog.html",
"refsource": "CONFIRM",
"url": "http://www.picozip.com/changelog.html"
},
{
"name": "20060614 Secunia Research: PicoZip \"zipinfo.dll\" Multiple Archives BufferOverflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437103/100/0/threaded"
},
{
"name": "1016308",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016308"
},
{
"name": "picozip-zipinfo-bo(27096)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27096"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2006-2909",
"datePublished": "2006-06-16T10:00:00",
"dateReserved": "2006-06-08T00:00:00",
"dateUpdated": "2024-08-07T18:06:27.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2058 (GCVE-0-2007-2058)
Vulnerability from cvelistv5
Published
2007-04-18 02:20
Modified
2024-08-07 13:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:49.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23471"
},
{
"name": "ADV-2007-1377",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1377"
},
{
"name": "picozip-archive-directory-traversal(33639)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33639"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugtraq.ir/articles/advisory/picozip_directory_traversal/9"
},
{
"name": "24868",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23471"
},
{
"name": "ADV-2007-1377",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1377"
},
{
"name": "picozip-archive-directory-traversal(33639)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33639"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugtraq.ir/articles/advisory/picozip_directory_traversal/9"
},
{
"name": "24868",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24868"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23471"
},
{
"name": "ADV-2007-1377",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1377"
},
{
"name": "picozip-archive-directory-traversal(33639)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33639"
},
{
"name": "http://www.bugtraq.ir/articles/advisory/picozip_directory_traversal/9",
"refsource": "MISC",
"url": "http://www.bugtraq.ir/articles/advisory/picozip_directory_traversal/9"
},
{
"name": "24868",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24868"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2058",
"datePublished": "2007-04-18T02:20:00",
"dateReserved": "2007-04-17T00:00:00",
"dateUpdated": "2024-08-07T13:23:49.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}