CVE-2006-3985 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerArchiver 9.62.03 allows user-assisted attackers to execute arbitrary code by adding a new file to a crafted ZIP archive that already contains a file with a long name.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Conexware	Powerarchiver

Configuration 1 [-]

OR	cpe:2.3:a:conexware:powerarchiver::::::::
	cpe:2.3:a:conexware:powerarchiver:8.10:::::::*
	cpe:2.3:a:conexware:powerarchiver:8.60:::::::*
	cpe:2.3:a:conexware:powerarchiver:9.5_beta_4:::::::*
	cpe:2.3:a:conexware:powerarchiver:9.5_beta_5:::::::*
	cpe:2.3:a:conexware:powerarchiver:9.25:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/21199
http://securityreason.com/securityalert/1334
http://securitytracker.com/id?1016579
http://vuln.sg/powarc962-en.html
http://www.osvdb.org/27492
http://www.powerarchiver.com/blog/
http://www.securityfocus.com/archive/1/441205/100/100/threaded
http://www.securityfocus.com/bid/19143
http://www.vupen.com/english/advisories/2006/2971
https://exchange.xforce.ibmcloud.com/vulnerabilities/27939

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-05T00:00:00

Updated: 2024-08-07T18:48:39.488Z

Reserved: 2006-08-04T00:00:00

Link: CVE-2006-3985

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-08-05T00:04:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-3985

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-25T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerArchiver 9.62.03 allows user-assisted attackers to execute arbitrary code by adding a new file to a crafted ZIP archive that already contains a file with a long name."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1016579", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016579"}, {"name": "27492", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27492"}, {"tags": ["x_refsource_MISC"], "url": "http://vuln.sg/powarc962-en.html"}, {"name": "ADV-2006-2971", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2971"}, {"name": "19143", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19143"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.powerarchiver.com/blog/"}, {"name": "1334", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1334"}, {"name": "powerarchiver-add-bo(27939)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27939"}, {"name": "20060725 [vuln.sg] PowerArchiver DZIPS32.DLL Buffer Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/441205/100/100/threaded"}, {"name": "21199", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21199"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3985", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerArchiver 9.62.03 allows user-assisted attackers to execute arbitrary code by adding a new file to a crafted ZIP archive that already contains a file with a long name."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1016579", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016579"}, {"name": "27492", "refsource": "OSVDB", "url": "http://www.osvdb.org/27492"}, {"name": "http://vuln.sg/powarc962-en.html", "refsource": "MISC", "url": "http://vuln.sg/powarc962-en.html"}, {"name": "ADV-2006-2971", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2971"}, {"name": "19143", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19143"}, {"name": "http://www.powerarchiver.com/blog/", "refsource": "CONFIRM", "url": "http://www.powerarchiver.com/blog/"}, {"name": "1334", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1334"}, {"name": "powerarchiver-add-bo(27939)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27939"}, {"name": "20060725 [vuln.sg] PowerArchiver DZIPS32.DLL Buffer Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/441205/100/100/threaded"}, {"name": "21199", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21199"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:48:39.488Z"}, "title": "CVE Program Container", "references": [{"name": "1016579", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016579"}, {"name": "27492", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/27492"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://vuln.sg/powarc962-en.html"}, {"name": "ADV-2006-2971", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2971"}, {"name": "19143", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19143"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.powerarchiver.com/blog/"}, {"name": "1334", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1334"}, {"name": "powerarchiver-add-bo(27939)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27939"}, {"name": "20060725 [vuln.sg] PowerArchiver DZIPS32.DLL Buffer Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/441205/100/100/threaded"}, {"name": "21199", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21199"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3985", "datePublished": "2006-08-05T00:00:00", "dateReserved": "2006-08-04T00:00:00", "dateUpdated": "2024-08-07T18:48:39.488Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:conexware:powerarchiver:*:*:*:*:*:*:*:*", "matchCriteriaId": "000EEA11-311D-41F6-868C-B3C4F7CDD49C", "versionEndIncluding": "9.62.03", "vulnerable": true}, {"criteria": "cpe:2.3:a:conexware:powerarchiver:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "C86DFD9C-5149-4251-BF39-679459E4304B", "vulnerable": true}, {"criteria": "cpe:2.3:a:conexware:powerarchiver:8.60:*:*:*:*:*:*:*", "matchCriteriaId": "DBC5B97E-ADB2-4160-9E7A-85708FB34F1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:conexware:powerarchiver:9.5_beta_4:*:*:*:*:*:*:*", "matchCriteriaId": "3AFEF804-FC89-4991-922A-B3F681628BEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:conexware:powerarchiver:9.5_beta_5:*:*:*:*:*:*:*", "matchCriteriaId": "3284CFB0-7124-4832-8A46-9C338CC45D9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:conexware:powerarchiver:9.25:*:*:*:*:*:*:*", "matchCriteriaId": "971CEC5F-FF6A-4BF2-8C48-E1F1A9D48C7F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerArchiver 9.62.03 allows user-assisted attackers to execute arbitrary code by adding a new file to a crafted ZIP archive that already contains a file with a long name."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en ZIPS32.DLL 6.0.0.4 en ConeXware PowerArchiver 9.62.03 permite a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n a\u00f1adiendo un nuevo archivo a un archivo ZIP manipulado que contiene un archivo con un largo nombre.\r\n"}], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nConeXware, PowerArchiver, 9.63", "id": "CVE-2006-3985", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-08-05T00:04:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21199"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1334"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016579"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://vuln.sg/powarc962-en.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/27492"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.powerarchiver.com/blog/"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/441205/100/100/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/19143"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2971"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27939"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21199"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1334"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016579"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://vuln.sg/powarc962-en.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27492"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.powerarchiver.com/blog/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/441205/100/100/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/19143"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2971"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27939"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}