Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility prior to 2.6.0.0, as used in multiple products including (1) ALZip 5.51 up to and including 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421, (7) PowerArchiver prior to 9.61, (8) UltimateZip 2.7,1, 3.0.3, and 3.1b, (9) Where Is It (WhereIsIt) 3.73.501, (10) FilZip 3.04, (11) IZArc 3.5 beta3, (12) Eazel 1.0, (13) Rising Antivirus 18.27.21 and previous versions, (14) AutoMate 6.1.0.0, (15) BitZipper 4.1 SR-1, (16) ZipTV, and other products, allows user-assisted malicious users to execute arbitrary code via a long filename in an ACE archive.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
winace winace 2.6.0.0 |