Vulnerabilidad en TZipBuilder, Abakt, CAM UnZip y posiblemente en otros productos (CVE-2006-2161)
Gravedad CVSS v2.0:
MEDIA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
09/05/2006
Última modificación:
03/04/2025
Descripción
Desbordamiento de búfer en (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 y 0.9.3-beta1, (3) CAM UnZip 4.0 y 4.3 y posiblemente en otros productos, permite a atacantes asistidos por usuario ejecutar código arbitrario a través de un archivo ZIP que contiene un archivo con un nombre de archivo largo.
Impacto
Puntuación base 2.0
5.10
Gravedad 2.0
MEDIA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:cam_development:cam_unzip:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cam_development:cam_unzip:4.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:erik_dienske:abakt:0.9.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:erik_dienske:abakt:0.9.3_beta1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roger_aelbrecht:tzipbuilder:1.79.03.01:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://marc.info/?l=full-disclosure&m=114771024009857&w=2
- http://secunia.com/advisories/19945
- http://secunia.com/advisories/19946
- http://secunia.com/advisories/20068
- http://secunia.com/secunia_research/2006-26/advisory
- http://secunia.com/secunia_research/2006-31/advisory/
- http://secunia.com/secunia_research/2006-34/advisory/
- http://securityreason.com/securityalert/853
- http://securitytracker.com/id?1016064=
- http://securitytracker.com/id?1016107=
- http://www.securityfocus.com/archive/1/433257/100/0/threaded
- http://www.securityfocus.com/archive/1/434019/100/0/threaded
- http://www.securityfocus.com/archive/1/434520/100/0/threaded
- http://www.securityfocus.com/bid/17880
- http://www.vupen.com/english/advisories/2006/1687
- http://www.vupen.com/english/advisories/2006/1805
- http://www.vupen.com/english/advisories/2006/1865
- http://www.xs4all.nl/~edienske/abakt/releases.html#0.9.3-RC1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26275
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26435
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26549
- http://marc.info/?l=full-disclosure&m=114771024009857&w=2
- http://secunia.com/advisories/19945
- http://secunia.com/advisories/19946
- http://secunia.com/advisories/20068
- http://secunia.com/secunia_research/2006-26/advisory
- http://secunia.com/secunia_research/2006-31/advisory/
- http://secunia.com/secunia_research/2006-34/advisory/
- http://securityreason.com/securityalert/853
- http://securitytracker.com/id?1016064=
- http://securitytracker.com/id?1016107=
- http://www.securityfocus.com/archive/1/433257/100/0/threaded
- http://www.securityfocus.com/archive/1/434019/100/0/threaded
- http://www.securityfocus.com/archive/1/434520/100/0/threaded
- http://www.securityfocus.com/bid/17880
- http://www.vupen.com/english/advisories/2006/1687
- http://www.vupen.com/english/advisories/2006/1805
- http://www.vupen.com/english/advisories/2006/1865
- http://www.xs4all.nl/~edienske/abakt/releases.html#0.9.3-RC1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26275
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26435
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26549