Directory traversal vulnerability in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to write arbitrary files via an ACE archive containing filenames with (1) .. or (2) absolute pathnames.
References
Link | Resource |
---|---|
http://secunia.com/advisories/15776 | Patch Vendor Advisory |
http://secunia.com/secunia_research/2005-20/advisory/ | Patch Vendor Advisory |
http://securitytracker.com/id?1014544 | |
http://www.avast.com/eng/av4_revision_history.html | |
http://secunia.com/advisories/15776 | Patch Vendor Advisory |
http://secunia.com/secunia_research/2005-20/advisory/ | Patch Vendor Advisory |
http://securitytracker.com/id?1014544 | |
http://www.avast.com/eng/av4_revision_history.html |
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/15776 - Patch, Vendor Advisory | |
References | () http://secunia.com/secunia_research/2005-20/advisory/ - Patch, Vendor Advisory | |
References | () http://securitytracker.com/id?1014544 - | |
References | () http://www.avast.com/eng/av4_revision_history.html - |
Information
Published : 2005-07-27 04:00
Updated : 2024-11-20 23:59
NVD link : CVE-2005-2384
Mitre link : CVE-2005-2384
CVE.ORG link : CVE-2005-2384
JSON object : View
Products Affected
alwil
- avast_antivirus
CWE