CVE-2005-3831

SpeedProject SpeedCommander, Squeez, ZipStar - Stack-based Buffer Overflow via Long Filename in ZIP Archive

Title source: llm
STIX 2.1

Description

Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, as used in SpeedProject products including (a) ZipStar 5.0 Build 4285, (b) Squeez 5.0 Build 4285, and (c) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.

References (8)

Core 8
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2570
Patch, Vendor Advisory vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015267
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21073
Patch, Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2005-60/advisory
Patch, Vendor Advisory vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015265
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/417588/30/0/threaded
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17420
Patch, Vendor Advisory vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015266

Scores

EPSS 0.0260
EPSS Percentile 83.6%

Details

CWE
CWE-119
Status published
Products (4)
speedproject/speedcommander 10.51_build4430
speedproject/speedcommander 11.0_build4430
speedproject/squeez 5.0_build_4285
speedproject/zipstar 5.0_build_4285
Published Nov 26, 2005
Tracked Since Feb 18, 2026