CVE-2006-4359 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in Trident Software PowerZip 7.06 Build 3895 on Windows 2000 allows remote attackers to execute arbitrary code via a ZIP archive containing a long filename.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Trident Software	Powerzip

Configuration 1 [-]

cpe:2.3:a:trident_software:powerzip:7.06_build_3895:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/21556
http://vuln.sg/powerzip706-en.html
http://www.securityfocus.com/bid/19671
http://www.vupen.com/english/advisories/2006/3360
https://exchange.xforce.ibmcloud.com/vulnerabilities/28534

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-25T23:00:00

Updated: 2024-08-07T19:06:07.525Z

Reserved: 2006-08-25T00:00:00

Link: CVE-2006-4359

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-08-27T02:04:00.000

Modified: 2024-11-21T00:15:46.140

Link: CVE-2006-4359

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-23T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in Trident Software PowerZip 7.06 Build 3895 on Windows 2000 allows remote attackers to execute arbitrary code via a ZIP archive containing a long filename."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "19671", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19671"}, {"name": "powerzip-filename-bo(28534)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28534"}, {"name": "21556", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21556"}, {"name": "ADV-2006-3360", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3360"}, {"tags": ["x_refsource_MISC"], "url": "http://vuln.sg/powerzip706-en.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4359", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in Trident Software PowerZip 7.06 Build 3895 on Windows 2000 allows remote attackers to execute arbitrary code via a ZIP archive containing a long filename."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "19671", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19671"}, {"name": "powerzip-filename-bo(28534)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28534"}, {"name": "21556", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21556"}, {"name": "ADV-2006-3360", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3360"}, {"name": "http://vuln.sg/powerzip706-en.html", "refsource": "MISC", "url": "http://vuln.sg/powerzip706-en.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:06:07.525Z"}, "title": "CVE Program Container", "references": [{"name": "19671", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19671"}, {"name": "powerzip-filename-bo(28534)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28534"}, {"name": "21556", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21556"}, {"name": "ADV-2006-3360", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3360"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://vuln.sg/powerzip706-en.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4359", "datePublished": "2006-08-25T23:00:00", "dateReserved": "2006-08-25T00:00:00", "dateUpdated": "2024-08-07T19:06:07.525Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trident_software:powerzip:7.06_build_3895:*:*:*:*:*:*:*", "matchCriteriaId": "A12FCFF9-1E26-432D-A2F1-01AF6E8538C8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in Trident Software PowerZip 7.06 Build 3895 on Windows 2000 allows remote attackers to execute arbitrary code via a ZIP archive containing a long filename."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en Trident Software PowerZip 7.06 Build 3895 en Windows 2000 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un archivo ZIP que contiene un nombre de fichero largo."}], "id": "CVE-2006-4359", "lastModified": "2024-11-21T00:15:46.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-08-27T02:04:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21556"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://vuln.sg/powerzip706-en.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/19671"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3360"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28534"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21556"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://vuln.sg/powerzip706-en.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/19671"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3360"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28534"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}