CVE-2005-2720 - OpenCVE

Stack-based buffer overflow in the ACE archive decompression library (vrAZace.dll) in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall, when compressed file scanning is enabled, allows remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hauri	Livecall Virobot Advanced Server Virobot Expert Virobot Linux Server

Configuration 1 [-]

OR	cpe:2.3:a:hauri:livecall::::::::
	cpe:2.3:a:hauri:virobot_advanced_server::::::::
	cpe:2.3:a:hauri:virobot_expert:4.0:::::::*
	cpe:2.3:a:hauri:virobot_linux_server:2.0:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=112490854126619&w=2
http://secunia.com/advisories/16488/
http://secunia.com/secunia_research/2005-33/advisory/
http://www.securityfocus.com/bid/14647
https://exchange.xforce.ibmcloud.com/vulnerabilities/22005

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-08-29T04:00:00

Updated: 2024-08-07T22:45:02.129Z

Reserved: 2005-08-29T00:00:00

Link: CVE-2005-2720

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-08-30T11:45:00.000

Modified: 2017-07-11T01:32:57.423

Link: CVE-2005-2720

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-08-24T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the ACE archive decompression library (vrAZace.dll) in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall, when compressed file scanning is enabled, allows remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "16488", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/16488/"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2005-33/advisory/"}, {"name": "14647", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/14647"}, {"name": "hauri-ace-vrazace-bo(22005)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22005"}, {"name": "20050824 Secunia Research: HAURI Anti-Virus ACE Archive Handling Buffer", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=112490854126619&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2720", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the ACE archive decompression library (vrAZace.dll) in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall, when compressed file scanning is enabled, allows remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "16488", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16488/"}, {"name": "http://secunia.com/secunia_research/2005-33/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2005-33/advisory/"}, {"name": "14647", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14647"}, {"name": "hauri-ace-vrazace-bo(22005)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22005"}, {"name": "20050824 Secunia Research: HAURI Anti-Virus ACE Archive Handling Buffer", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=112490854126619&w=2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T22:45:02.129Z"}, "title": "CVE Program Container", "references": [{"name": "16488", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/16488/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2005-33/advisory/"}, {"name": "14647", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/14647"}, {"name": "hauri-ace-vrazace-bo(22005)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22005"}, {"name": "20050824 Secunia Research: HAURI Anti-Virus ACE Archive Handling Buffer", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=112490854126619&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2720", "datePublished": "2005-08-29T04:00:00", "dateReserved": "2005-08-29T00:00:00", "dateUpdated": "2024-08-07T22:45:02.129Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hauri:livecall:*:*:*:*:*:*:*:*", "matchCriteriaId": "E56296DA-A1F6-44A6-9394-FCD32ABC16C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hauri:virobot_advanced_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "74A95949-84D0-461D-B864-434AA68DA501", "vulnerable": true}, {"criteria": "cpe:2.3:a:hauri:virobot_expert:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "40BE675C-5081-406A-8802-333326E8F78C", "vulnerable": true}, {"criteria": "cpe:2.3:a:hauri:virobot_linux_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCDAD7E7-135D-4EE2-8C5F-641D6647F749", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the ACE archive decompression library (vrAZace.dll) in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall, when compressed file scanning is enabled, allows remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename."}], "id": "CVE-2005-2720", "lastModified": "2017-07-11T01:32:57.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-08-30T11:45:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=112490854126619&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/16488/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/secunia_research/2005-33/advisory/"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/14647"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22005"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}