Published: 30/06/2009 Updated: 19/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 940

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

PeaZIP 2.6.1, 2.5.1, and previous versions on Windows allows user-assisted remote malicious users to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
giorgio tani peazip
giorgio tani peazip 2.4.1
giorgio tani peazip 1.10
giorgio tani peazip 1.9.3
giorgio tani peazip 1.6
giorgio tani peazip 1.5
giorgio tani peazip 2.2
giorgio tani peazip 2.1
giorgio tani peazip 1.8.2
giorgio tani peazip 1.8.1
giorgio tani peazip 1.2
giorgio tani peazip 1.1
giorgio tani peazip 2.4
giorgio tani peazip 2.3a
giorgio tani peazip 1.9.2
giorgio tani peazip 1.9.1
giorgio tani peazip 1.9
giorgio tani peazip 1.4
giorgio tani peazip 1.3
giorgio tani peazip 2.6.1
giorgio tani peazip 2.0
giorgio tani peazip 1.11
giorgio tani peazip 1.8
giorgio tani peazip 1.7
giorgio tani peazip 1.0

## # $Id: peazip_command_injectionrb 10394 2010-09-20 08:06:27Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/cor ...

<?php /* PeaZIP <= 261 commpressed filename command injection poc exploit by Nine:Situations:Group::pyrokinesis site: retrogodaltervistaorg/ software site: peazipsourceforgenet/ tested against: peazip 251, 261 for Windows a pipe vulnerability exists in the way peazip handles file entries, ...

CWE-20 http://www.exploit-db.com/exploits/8881 https://nvd.nist.gov https://www.exploit-db.com/exploits/16307/

CVE-2009-2261

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect