CVE-2005-2384

Directory traversal vulnerability in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to write arbitrary files via an ACE archive containing filenames with (1) .. or (2) absolute pathnames.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/secunia_research/2005-20/advisory/	Patch Vendor Advisory
http://www.avast.com/eng/av4_revision_history.html
http://secunia.com/advisories/15776	Patch Vendor Advisory
http://securitytracker.com/id?1014544

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:alwil:avast_antivirus:4.6.665::home:::::
	cpe:2.3:a:alwil:avast_antivirus:4.6.665::pro:::::
	cpe:2.3:a:alwil:avast_antivirus:4.6.460::server:::::

Information

Published : 2005-07-26 21:00

Updated : 2008-09-05 13:51

NVD link : CVE-2005-2384

Mitre link : CVE-2005-2384

JSON object : View

CWE

NVD-CWE-Other

Products Affected

alwil

avast_antivirus

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/secunia_research/2005-20/advisory/", "name": "http://secunia.com/secunia_research/2005-20/advisory/", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.avast.com/eng/av4_revision_history.html", "name": "http://www.avast.com/eng/av4_revision_history.html", "tags": [], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/15776", "name": "15776", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1014544", "name": "1014544", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to write arbitrary files via an ACE archive containing filenames with (1) .. or (2) absolute pathnames."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-2384", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-07-27T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:alwil:avast_antivirus:4.6.665:*:home:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:alwil:avast_antivirus:4.6.665:*:pro:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:alwil:avast_antivirus:4.6.460:*:server:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T20:51Z"}

5.0 /10