Vulnerability Description
Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, as used in SpeedProject products including (a) ZipStar 5.0 Build 4285, (b) Squeez 5.0 Build 4285, and (c) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Speedproject | Speedcommander | 10.51_build4430 |
| Speedproject | Squeez | 5.0_build_4285 |
| Speedproject | Zipstar | 5.0_build_4285 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/17420PatchVendor Advisory
- http://secunia.com/secunia_research/2005-60/advisoryPatchVendor Advisory
- http://securitytracker.com/id?1015265PatchVendor Advisory
- http://securitytracker.com/id?1015266PatchVendor Advisory
- http://securitytracker.com/id?1015267PatchVendor Advisory
- http://www.osvdb.org/21073
- http://www.securityfocus.com/archive/1/417588/30/0/threaded
- http://www.vupen.com/english/advisories/2005/2570Vendor Advisory
- http://secunia.com/advisories/17420PatchVendor Advisory
- http://secunia.com/secunia_research/2005-60/advisoryPatchVendor Advisory
- http://securitytracker.com/id?1015265PatchVendor Advisory
- http://securitytracker.com/id?1015266PatchVendor Advisory
- http://securitytracker.com/id?1015267PatchVendor Advisory
- http://www.osvdb.org/21073
- http://www.securityfocus.com/archive/1/417588/30/0/threaded
FAQ
What is CVE-2005-3831?
CVE-2005-3831 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, as used in SpeedProject products including (a) ZipStar 5.0 Build 4285, (b) Squeez 5.0 Build 4285, and (c) SpeedCommander 11.0 Build...
How severe is CVE-2005-3831?
CVE-2005-3831 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3831?
Check the references section above for vendor advisories and patch information. Affected products include: Speedproject Speedcommander, Speedproject Squeez, Speedproject Zipstar.