CVE编号
CVE-2005-2856利用情况
暂无补丁情况
N/A披露时间
2005-09-08漏洞描述
在2.6.0.0之前的WinACE UNACEV2.DLL第三方压缩实用程序中基于堆栈的缓冲区溢出,用于多种产品,包括(1)ALZip 5.51至6.11,(2)Servant Salamander 2.0和2.5 Beta 1,(3)WinHKI 1.66和1.67,(4)ExtractNow 3.x,(5)Total Commander 6.53,(6)Anti-Trojan 5.5.421,(7)9.61之前的PowerArchiver,(8)UltimateZip 2.7、1、3.0.3和3.1 b,(9)在哪里(WhereIsIt)3.73.501,(10)FilZip 3.04,(11)IZArc 3.5 beta3,(12)Eazel 1.0,(13)Rising Antivirus 18.27.21和更早版本,(14)AutoMate 6.1 .0.0,(15)BitZipper 4.1 SR-1,(16)ZipTV和其他产品,允许用户协助的攻击者通过ACE archive中的长文件名执行任意代码。解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| http://marc.info/?l=bugtraq&m=112621008228458&w=2 | |
| http://secunia.com/advisories/16479 | |
| http://secunia.com/advisories/19454 | |
| http://secunia.com/advisories/19458 | |
| http://secunia.com/advisories/19581 | |
| http://secunia.com/advisories/19596 | |
| http://secunia.com/advisories/19612 | |
| http://secunia.com/advisories/19834 | |
| http://secunia.com/advisories/19890 | |
| http://secunia.com/advisories/19931 | |
| http://secunia.com/advisories/19938 | |
| http://secunia.com/advisories/19939 | |
| http://secunia.com/advisories/19967 | |
| http://secunia.com/advisories/19975 | |
| http://secunia.com/advisories/19977 | |
| http://secunia.com/advisories/20009 | |
| http://secunia.com/advisories/20270 | |
| http://secunia.com/secunia_research/2005-41/advisory/ | |
| http://secunia.com/secunia_research/2006-24/advisory | |
| http://secunia.com/secunia_research/2006-25/advisory | |
| http://secunia.com/secunia_research/2006-27/ | |
| http://secunia.com/secunia_research/2006-28/advisory | |
| http://secunia.com/secunia_research/2006-29/advisory/ | |
| http://secunia.com/secunia_research/2006-30/advisory | |
| http://secunia.com/secunia_research/2006-32/advisory/ | |
| http://secunia.com/secunia_research/2006-33/advisory/ | |
| http://secunia.com/secunia_research/2006-36/advisory | |
| http://secunia.com/secunia_research/2006-38/advisory | |
| http://secunia.com/secunia_research/2006-46/advisory/ | |
| http://secunia.com/secunia_research/2006-50/advisory/ | |
| http://securityreason.com/securityalert/49 | |
| http://securitytracker.com/id?1014863 | |
| http://securitytracker.com/id?1015852 | |
| http://securitytracker.com/id?1016011 | |
| http://securitytracker.com/id?1016012 | |
| http://securitytracker.com/id?1016065 | |
| http://securitytracker.com/id?1016066 | |
| http://securitytracker.com/id?1016088 | |
| http://securitytracker.com/id?1016114 | |
| http://securitytracker.com/id?1016115 | |
| http://securitytracker.com/id?1016177 | |
| http://securitytracker.com/id?1016257 | |
| http://securitytracker.com/id?1016512 | |
| http://www.osvdb.org/25129 | |
| http://www.securityfocus.com/archive/1/432357/100/0/threaded | |
| http://www.securityfocus.com/archive/1/432579/100/0/threaded | |
| http://www.securityfocus.com/archive/1/433258/100/0/threaded | |
| http://www.securityfocus.com/archive/1/433352/100/0/threaded | |
| http://www.securityfocus.com/archive/1/433693/100/0/threaded | |
| http://www.securityfocus.com/archive/1/434011/100/0/threaded | |
| http://www.securityfocus.com/archive/1/434234/100/0/threaded | |
| http://www.securityfocus.com/archive/1/434279/100/0/threaded | |
| http://www.securityfocus.com/archive/1/436639/100/0/threaded | |
| http://www.securityfocus.com/archive/1/440303/100/0/threaded | |
| http://www.securityfocus.com/bid/14759 | |
| http://www.securityfocus.com/bid/19884 | |
| http://www.vupen.com/english/advisories/2006/1565 | |
| http://www.vupen.com/english/advisories/2006/1577 | |
| http://www.vupen.com/english/advisories/2006/1611 | |
| http://www.vupen.com/english/advisories/2006/1681 | |
| http://www.vupen.com/english/advisories/2006/1694 | |
| http://www.vupen.com/english/advisories/2006/1725 | |
| http://www.vupen.com/english/advisories/2006/1775 | |
| http://www.vupen.com/english/advisories/2006/1797 | |
| http://www.vupen.com/english/advisories/2006/1835 | |
| http://www.vupen.com/english/advisories/2006/1836 | |
| http://www.vupen.com/english/advisories/2006/2047 | |
| http://www.vupen.com/english/advisories/2006/2184 | |
| http://www.vupen.com/english/advisories/2006/2824 | |
| http://www.vupen.com/english/advisories/2006/3495 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26116 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26142 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26168 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26272 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26302 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26315 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26385 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26447 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26479 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26480 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26736 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26982 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27763 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28787 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | winace | winace | 2.6.0.0 | - | |||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 无
- 影响范围 N/A
- 用户交互 无
- 可用性 部分地
- 保密性 部分地
- 完整性 部分地
还没有评论,来说两句吧...