Published: 16/06/2006 Updated: 18/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote malicious users to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive.

Vulnerable Product	Search on Vulmon	Subscribe to Product
picozip picozip 4.01

#!/usr/bin/perl # Pico Zip v 401 Long Filename Buffer Overflow # Original advisory - wwwsecurityfocuscom/archive/1/437103/30/30/threaded # Author - c0rrupt # Greets - sh0uts to n0limit, muts, and brax for the music ;) # # The vulnerability is caused due to a boundary error within the # "zipinfodll" info tip shell extension when reading ...

NVD-CWE-Other http://secunia.com/secunia_research/2006-42/advisory/http://www.picozip.com/changelog.html http://www.securityfocus.com/bid/18425 http://secunia.com/advisories/20481 http://www.osvdb.org/26447 http://securitytracker.com/id?1016308 http://securityreason.com/securityalert/1104 http://www.vupen.com/english/advisories/2006/2330 https://exchange.xforce.ibmcloud.com/vulnerabilities/27096 http://www.securityfocus.com/archive/1/437450/100/100/threaded http://www.securityfocus.com/archive/1/437103/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/1917/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-2909

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect