Mission and Overview
NVD is the U.S. government repository of standards-based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

Vulnerability Summary for CVE-2005-2856

Original release date: 09/08/2005
Last revised: 01/07/2014
Source: US-CERT/NIST

Overview

Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421, (7) PowerArchiver before 9.61, (8) UltimateZip 2.7.1, 3.0.3, and 3.1b, (9) Where Is It (WhereIsIt) 3.73.501, (10) FilZip 3.04, (11) IZArc 3.5 beta3, (12) Eazel 1.0, (13) Rising Antivirus 18.27.21 and earlier, (14) AutoMate 6.1.0.0, (15) BitZipper 4.1 SR-1, (16) ZipTV, and other products, allows user-assisted attackers to execute arbitrary code via a long filename in an ACE archive.

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

External Source: XF
Name: ultimatezip-unacev2-bo(26385)
External Source: XF
Name: risingantivirus-unacev2-bo(26736)
External Source: MISC
Name: http://secunia.com/secunia_research/2006-28/advisory
Type: Advisory
External Source: SECTRACK
Name: 1016257
External Source: VUPEN
Name: ADV-2006-1797
External Source: VUPEN
Name: ADV-2006-1611
External Source: MISC
Name: http://secunia.com/secunia_research/2006-33/advisory/
Type: Advisory
External Source: BUGTRAQ
Name: 20060501 Secunia Research: WinHKI unacev2.dll Buffer Overflow Vulnerability
External Source: SECUNIA
Name: 19890
Type: Advisory
External Source: SECUNIA
Name: 19596
External Source: SECUNIA
Name: 19967
Type: Advisory
External Source: SECUNIA
Name: 16479
Type: Advisory; Patch Information
External Source: SECUNIA
Name: 19454
Type: Advisory
External Source: SECTRACK
Name: 1016177
External Source: VUPEN
Name: ADV-2006-1725
External Source: XF
Name: powerarchiver-unacev2-ace-bo(26272)
External Source: SECUNIA
Name: 19977
Type: Advisory
External Source: BUGTRAQ
Name: 20060609 Secunia Research: AutoMate unacev2.dll Buffer Overflow Vulnerability
External Source: SECUNIA
Name: 19834
Type: Advisory
External Source: SECUNIA
Name: 19931
External Source: MISC
Name: http://secunia.com/secunia_research/2006-30/advisory
Type: Advisory
External Source: VUPEN
Name: ADV-2006-1694
External Source: SECUNIA
Name: 19939
External Source: XF
Name: eazel-ztvunacev2-bo(26479)
External Source: VUPEN
Name: ADV-2006-1565
External Source: VUPEN
Name: ADV-2006-1835
External Source: SECTRACK
Name: 1015852
External Source: XF
Name: extractnow-unacev2-ace-bo(26168)
External Source: XF
Name: bitzipper-unacev2-bo(27763)
External Source: SECUNIA
Name: 19458
Type: Advisory
External Source: BUGTRAQ
Name: 20060517 Secunia Research: IZArc unacev2.dll Buffer Overflow Vulnerability
External Source: BUGTRAQ
Name: 20060517 Secunia Research: Eazel unacev2.dll Buffer Overflow Vulnerability
External Source: XF
Name: izarc-unacev2-bo(26480)
External Source: SECTRACK
Name: 1016115
External Source: SECTRACK
Name: 1016114
External Source: VUPEN
Name: ADV-2006-1681
External Source: BUGTRAQ
Name: 20060511 Secunia Research: UltimateZip unacev2.dll Buffer Overflow Vulnerability
External Source: MISC
Name: http://secunia.com/secunia_research/2006-24/advisory
Type: Advisory
External Source: BUGTRAQ
Name: 20060508 Secunia Research: Anti-Trojan unacev2.dll Buffer Overflow Vulnerability
External Source: OSVDB
Name: 25129
External Source: MISC
Name: http://secunia.com/secunia_research/2006-38/advisory
Type: Advisory
External Source: MISC
Name: http://secunia.com/secunia_research/2006-29/advisory/
Type: Advisory
External Source: MISC
Name: http://secunia.com/secunia_research/2006-50/advisory/
External Source: BUGTRAQ
Name: 20060717 Secunia Research: BitZipper unacev2.dll Buffer Overflow Vulnerability
External Source: VUPEN
Name: ADV-2006-2824
External Source: XF
Name: filzip-unacev2-bo(26447)
External Source: SREASON
Name: 49
External Source: BUGTRAQ
Name: 20060509 Secunia Research: Where Is It unacev2.dll Buffer Overflow Vulnerability
External Source: MISC
Name: http://secunia.com/secunia_research/2006-46/advisory/
External Source: XF
Name: automate-unacev2-bo(26982)
External Source: VUPEN
Name: ADV-2006-2047
External Source: MISC
Name: http://secunia.com/secunia_research/2006-32/advisory/
External Source: BUGTRAQ
Name: 20050908 Secunia Research: ALZip ACE Archive Handling Buffer Overflow
External Source: VUPEN
Name: ADV-2006-1577
External Source: SECTRACK
Name: 1014863
External Source: XF
Name: tziptv-unacev2-bo(28787)
External Source: BID
Name: 19884
External Source: SECTRACK
Name: 1016088
External Source: SECTRACK
Name: 1016512
External Source: XF
Name: servant-salamander-unacev2-bo(26116)
External Source: SECUNIA
Name: 20009
Type: Advisory
External Source: SECUNIA
Name: 19581
Type: Advisory
External Source: BID
Name: 14759
External Source: XF
Name: antitrojan-unacev2-bo(26302)
External Source: SECUNIA
Name: 19938
Type: Advisory
External Source: MISC
Name: http://secunia.com/secunia_research/2006-25/advisory
Type: Advisory
External Source: SECTRACK
Name: 1016065
External Source: SECUNIA
Name: 20270
External Source: SECUNIA
Name: 19975
Type: Advisory
External Source: VUPEN
Name: ADV-2006-1836
External Source: SECTRACK
Name: 1016066
External Source: SECTRACK
Name: 1016012
External Source: MISC
Name: http://secunia.com/secunia_research/2005-41/advisory/
External Source: MISC
Name: http://secunia.com/secunia_research/2006-36/advisory
Type: Advisory
External Source: XF
Name: winhki-unacev2-bo(26142)
External Source: VUPEN
Name: ADV-2006-1775
External Source: BUGTRAQ
Name: 20060428 Secunia Research: Servant Salamander unacev2.dll Buffer Overflow Vulnerability
External Source: BUGTRAQ
Name: 20060515 Secunia Research: FilZip unacev2.dll Buffer Overflow Vulnerability
External Source: SECTRACK
Name: 1016011
External Source: SECUNIA
Name: 19612
External Source: VUPEN
Name: ADV-2006-3495
External Source: XF
Name: whereisit-unacev2-bo(26315)
External Source: VUPEN
Name: ADV-2006-2184
External Source: MISC
Name: http://secunia.com/secunia_research/2006-27/
Type: Advisory

Vulnerable software and versions


Technical Details

Vulnerability Type