CVE-2005-3831
SpeedProject SpeedCommander, Squeez, ZipStar - Stack-based Buffer Overflow via Long Filename in ZIP Archive
Title source: llmDescription
Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, as used in SpeedProject products including (a) ZipStar 5.0 Build 4285, (b) Squeez 5.0 Build 4285, and (c) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.
References (8)
Core 8
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2570
Patch, Vendor Advisory vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015267
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/21073
Patch, Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2005-60/advisory
Patch, Vendor Advisory vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015265
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/417588/30/0/threaded
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17420
Patch, Vendor Advisory vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015266
Scores
EPSS
0.0260
EPSS Percentile
83.6%
Details
CWE
CWE-119
Status
published
Products (4)
speedproject/speedcommander
10.51_build4430
speedproject/speedcommander
11.0_build4430
speedproject/squeez
5.0_build_4285
speedproject/zipstar
5.0_build_4285
Published
Nov 26, 2005
Tracked Since
Feb 18, 2026