CVE-2005-3061 - OpenCVE

Multiple stack-based buffer overflows in PowerArchiver 8.10 through 9.5 Beta 4 and Beta 5 allow remote attackers to execute arbitrary code via a long filename in a (1) ACE or (2) ARJ archive.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Powerarchiver	Powerarchiver 2002 Powerarchiver 2003 Powerarchiver 2004 Powerarchiver 2006

Configuration 1 [-]

OR	cpe:2.3:a:powerarchiver:powerarchiver_2002:8.10:::::::*
	cpe:2.3:a:powerarchiver:powerarchiver_2003:8.60:::::::*
	cpe:2.3:a:powerarchiver:powerarchiver_2004:9.25:::::::*
	cpe:2.3:a:powerarchiver:powerarchiver_2006:9.5_beta_4:::::::*
	cpe:2.3:a:powerarchiver:powerarchiver_2006:9.5_beta_5:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=112748874211458&w=2
http://secunia.com/advisories/16713/
http://secunia.com/secunia_research/2005-50/advisory/
http://securityreason.com/securityalert/23
http://www.securityfocus.com/bid/14922

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-09-27T04:00:00

Updated: 2024-08-07T22:53:30.475Z

Reserved: 2005-09-27T00:00:00

Link: CVE-2005-3061

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-09-27T19:03:00.000

Modified: 2016-10-18T03:32:39.700

Link: CVE-2005-3061

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-09-23T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in PowerArchiver 8.10 through 9.5 Beta 4 and Beta 5 allow remote attackers to execute arbitrary code via a long filename in a (1) ACE or (2) ARJ archive."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "23", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/23"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2005-50/advisory/"}, {"name": "16713", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/16713/"}, {"name": "14922", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/14922"}, {"name": "20050923 Secunia Research: PowerArchiver ACE/ARJ Archive Handling Buffer", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=112748874211458&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3061", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in PowerArchiver 8.10 through 9.5 Beta 4 and Beta 5 allow remote attackers to execute arbitrary code via a long filename in a (1) ACE or (2) ARJ archive."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "23", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/23"}, {"name": "http://secunia.com/secunia_research/2005-50/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2005-50/advisory/"}, {"name": "16713", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16713/"}, {"name": "14922", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14922"}, {"name": "20050923 Secunia Research: PowerArchiver ACE/ARJ Archive Handling Buffer", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=112748874211458&w=2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T22:53:30.475Z"}, "title": "CVE Program Container", "references": [{"name": "23", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/23"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2005-50/advisory/"}, {"name": "16713", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/16713/"}, {"name": "14922", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/14922"}, {"name": "20050923 Secunia Research: PowerArchiver ACE/ARJ Archive Handling Buffer", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=112748874211458&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3061", "datePublished": "2005-09-27T04:00:00", "dateReserved": "2005-09-27T00:00:00", "dateUpdated": "2024-08-07T22:53:30.475Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:powerarchiver:powerarchiver_2002:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "0610CF40-B0A2-4467-8098-BEF4D225BA59", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerarchiver:powerarchiver_2003:8.60:*:*:*:*:*:*:*", "matchCriteriaId": "1DE59561-FACC-40C8-8A81-3E843B7B41AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerarchiver:powerarchiver_2004:9.25:*:*:*:*:*:*:*", "matchCriteriaId": "E1F54F66-32E4-4AF3-A0AA-5D3A99F6B25F", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerarchiver:powerarchiver_2006:9.5_beta_4:*:*:*:*:*:*:*", "matchCriteriaId": "B509E8DE-C146-4D1B-A1D6-86ECE601D76B", "vulnerable": true}, {"criteria": "cpe:2.3:a:powerarchiver:powerarchiver_2006:9.5_beta_5:*:*:*:*:*:*:*", "matchCriteriaId": "6AAE8459-61F7-4251-8DE1-36F80A740043", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in PowerArchiver 8.10 through 9.5 Beta 4 and Beta 5 allow remote attackers to execute arbitrary code via a long filename in a (1) ACE or (2) ARJ archive."}], "id": "CVE-2005-3061", "lastModified": "2016-10-18T03:32:39.700", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-09-27T19:03:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=112748874211458&w=2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/16713/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2005-50/advisory/"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/23"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/14922"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}