Vulnerability Description
The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webroot Software | Spy Sweeper | <= 4.5.9 |
References
- http://www.osvdb.org/27536Vendor Advisory
- http://www.securityfocus.com/archive/1/437814/100/200/threaded
- http://www.sentinel.gr/advisories/SGA-0001.txtVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27266
- http://www.osvdb.org/27536Vendor Advisory
- http://www.securityfocus.com/archive/1/437814/100/200/threaded
- http://www.sentinel.gr/advisories/SGA-0001.txtVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27266
FAQ
What is CVE-2006-6960?
CVE-2006-6960 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (...
How severe is CVE-2006-6960?
CVE-2006-6960 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6960?
Check the references section above for vendor advisories and patch information. Affected products include: Webroot Software Spy Sweeper.