Vulnerability Description
Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in SpeedProject Squeez 5.10 Build 4460, and SpeedCommander 10.52 Build 4450 and 11.01 Build 4450, allow user-assisted remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Speedproject | Speedcommander | 10.52_build4450 |
| Speedproject | Squeez | 5.10_build_4460 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/19473PatchVendor Advisory
- http://secunia.com/secunia_research/2006-23/advisoryVendor Advisory
- http://securityreason.com/securityalert/820
- http://securitytracker.com/id?1016002
- http://securitytracker.com/id?1016003
- http://www.osvdb.org/24990
- http://www.securityfocus.com/archive/1/432101/100/0/threaded
- http://www.securityfocus.com/bid/17709
- http://www.speedproject.de/enu/
- http://www.vupen.com/english/advisories/2006/1535Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26115
- http://secunia.com/advisories/19473PatchVendor Advisory
- http://secunia.com/secunia_research/2006-23/advisoryVendor Advisory
- http://securityreason.com/securityalert/820
- http://securitytracker.com/id?1016002
FAQ
What is CVE-2006-2085?
CVE-2006-2085 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in SpeedProject Squeez 5.10 Build 4460, and SpeedCommander 10.52 Build 4450 and 11.01 Build 4450, allow user-assisted remote attackers...
How severe is CVE-2006-2085?
CVE-2006-2085 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2085?
Check the references section above for vendor advisories and patch information. Affected products include: Speedproject Speedcommander, Speedproject Squeez.