CVE-2006-2482 - Vulnerability Details - OpenCVE

Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16, (2) PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221, and possibly other products, allows user-assisted attackers to execute arbitrary code via an ARJ archive with a long header. NOTE: the ACE archive vector is covered by CVE-2005-2856.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microchip Data Systems	Ziptv For C\+\+ Builder Ziptv For Delphi 7
Pentaware	Pentasuite-pro Pentazip

Configuration 1 [-]

OR	cpe:2.3:a:microchip_data_systems:ziptv_for_c\+\+_builder:2006.1.16:::::::*
	cpe:2.3:a:microchip_data_systems:ziptv_for_delphi_7:2006.1.26:::::::*
	cpe:2.3:a:pentaware:pentasuite-pro:8.5.1.221:::::::*
	cpe:2.3:a:pentaware:pentazip:8.5.1.190:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/20270
http://secunia.com/advisories/21458
http://secunia.com/secunia_research/2006-50/advisory/
http://secunia.com/secunia_research/2006-72/advisory/
http://www.securityfocus.com/bid/19884
http://www.vupen.com/english/advisories/2006/3495
http://www.vupen.com/english/advisories/2007/0235
https://exchange.xforce.ibmcloud.com/vulnerabilities/28785

History

No history.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2006-09-08T21:00:00

Updated: 2024-08-07T17:51:04.788Z

Reserved: 2006-05-19T00:00:00

Link: CVE-2006-2482

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-09-08T21:04:00.000

Modified: 2024-11-21T00:11:24.727

Link: CVE-2006-2482

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-09-07T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16, (2) PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221, and possibly other products, allows user-assisted attackers to execute arbitrary code via an ARJ archive with a long header. NOTE: the ACE archive vector is covered by CVE-2005-2856."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "19884", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19884"}, {"name": "ADV-2007-0235", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0235"}, {"name": "ADV-2006-3495", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3495"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2006-50/advisory/"}, {"name": "21458", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21458"}, {"name": "20270", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20270"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2006-72/advisory/"}, {"name": "tziptv-arj-header-bo(28785)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28785"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2006-2482", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16, (2) PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221, and possibly other products, allows user-assisted attackers to execute arbitrary code via an ARJ archive with a long header. NOTE: the ACE archive vector is covered by CVE-2005-2856."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "19884", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19884"}, {"name": "ADV-2007-0235", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0235"}, {"name": "ADV-2006-3495", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3495"}, {"name": "http://secunia.com/secunia_research/2006-50/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2006-50/advisory/"}, {"name": "21458", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21458"}, {"name": "20270", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20270"}, {"name": "http://secunia.com/secunia_research/2006-72/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2006-72/advisory/"}, {"name": "tziptv-arj-header-bo(28785)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28785"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:51:04.788Z"}, "title": "CVE Program Container", "references": [{"name": "19884", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19884"}, {"name": "ADV-2007-0235", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0235"}, {"name": "ADV-2006-3495", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3495"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2006-50/advisory/"}, {"name": "21458", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21458"}, {"name": "20270", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20270"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2006-72/advisory/"}, {"name": "tziptv-arj-header-bo(28785)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28785"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2006-2482", "datePublished": "2006-09-08T21:00:00", "dateReserved": "2006-05-19T00:00:00", "dateUpdated": "2024-08-07T17:51:04.788Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microchip_data_systems:ziptv_for_c\\+\\+_builder:2006.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "C9BA19C4-046F-4C11-B113-236D82333338", "vulnerable": true}, {"criteria": "cpe:2.3:a:microchip_data_systems:ziptv_for_delphi_7:2006.1.26:*:*:*:*:*:*:*", "matchCriteriaId": "962152E9-7CE0-43E7-8295-E851636F3EFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:pentaware:pentasuite-pro:8.5.1.221:*:*:*:*:*:*:*", "matchCriteriaId": "46374F90-EAB3-42E8-B285-7ECC127FB06A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pentaware:pentazip:8.5.1.190:*:*:*:*:*:*:*", "matchCriteriaId": "F9C26D49-BDA7-4E5A-8380-117C34D093D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16, (2) PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221, and possibly other products, allows user-assisted attackers to execute arbitrary code via an ARJ archive with a long header. NOTE: the ACE archive vector is covered by CVE-2005-2856."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00f3n en el componente ZipTV en (1) ZipTV para Delphi 7 26/01/2006 y para C++ Builder 16/01/2006, (2) PentaZip 8.5.1.190 y PentaSuite-PRO 8.5.1.221,y posiblemente otros productos, permite a un atacante remoto con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo ARJ con una gran cabecera. NOTA: el archivo vector ACE est\u00e1 cubierto por CVE-2005-2856."}], "id": "CVE-2006-2482", "lastModified": "2024-11-21T00:11:24.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-09-08T21:04:00.000", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20270"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21458"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2006-50/advisory/"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/secunia_research/2006-72/advisory/"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/19884"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/3495"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0235"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20270"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21458"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2006-50/advisory/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/secunia_research/2006-72/advisory/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/3495"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0235"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28785"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}