CVE-2009-2261
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
30/06/2009
Last modified:
09/04/2025
Description
PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.
Impact
Base Score 2.0
9.30
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:giorgio_tani:peazip:*:-:windows:*:*:*:*:* | 2.5.1 (including) | |
| cpe:2.3:a:giorgio_tani:peazip:1.0:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:giorgio_tani:peazip:1.1:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:giorgio_tani:peazip:1.2:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:giorgio_tani:peazip:1.3:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:giorgio_tani:peazip:1.4:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:giorgio_tani:peazip:1.5:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:giorgio_tani:peazip:1.6:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:giorgio_tani:peazip:1.7:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:giorgio_tani:peazip:1.8:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:giorgio_tani:peazip:1.8.1:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:giorgio_tani:peazip:1.8.2:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:giorgio_tani:peazip:1.9:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:giorgio_tani:peazip:1.9.1:-:windows:*:*:*:*:* | ||
| cpe:2.3:a:giorgio_tani:peazip:1.9.2:-:windows:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page