CVE-2005-2384

Опубликовано: 27 июл. 2005

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Directory traversal vulnerability in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to write arbitrary files via an ACE archive containing filenames with (1) .. or (2) absolute pathnames.

Ссылки

http://secunia.com/advisories/15776
Patch
Vendor Advisory
http://secunia.com/secunia_research/2005-20/advisory/
Patch
Vendor Advisory
http://securitytracker.com/id?1014544
http://www.avast.com/eng/av4_revision_history.html
http://secunia.com/advisories/15776
Patch
Vendor Advisory
http://secunia.com/secunia_research/2005-20/advisory/
Patch
Vendor Advisory
http://securitytracker.com/id?1014544
http://www.avast.com/eng/av4_revision_history.html

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:alwil:avast_antivirus:4.6.460:*:server:*:*:*:*:*

cpe:2.3:a:alwil:avast_antivirus:4.6.665:*:home:*:*:*:*:*

cpe:2.3:a:alwil:avast_antivirus:4.6.665:*:pro:*:*:*:*:*

EPSS

Процентиль: 85%

0.02456

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-v34h-4v23-vppf

github

почти 4 года назад