CVE-2005-2856

Description

Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421, (7) PowerArchiver before 9.61, (8) UltimateZip 2.7,1, 3.0.3, and 3.1b, (9) Where Is It (WhereIsIt) 3.73.501, (10) FilZip 3.04, (11) IZArc 3.5 beta3, (12) Eazel 1.0, (13) Rising Antivirus 18.27.21 and earlier, (14) AutoMate 6.1.0.0, (15) BitZipper 4.1 SR-1, (16) ZipTV, and other products, allows user-assisted attackers to execute arbitrary code via a long filename in an ACE archive.

Category

7.5
CVSS
Severity: High
CVSS 2.0 •
EPSS 21.56% Top 5%
Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
https://exchange.xforce.ibmcloud.com/vulnerabilities/26982 vdb entry
http://securitytracker.com/id?1016512 vdb entry
http://secunia.com/secunia_research/2006-24/advisory vendor advisory
http://www.vupen.com/english/advisories/2006/2824 vdb entry
http://securityreason.com/securityalert/49 third party advisory
http://www.securityfocus.com/bid/19884 vdb entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/26479 vdb entry
http://www.vupen.com/english/advisories/2006/1797 vdb entry
http://www.securityfocus.com/archive/1/434279/100/0/threaded mailing list
http://securitytracker.com/id?1014863 vdb entry
http://securitytracker.com/id?1016011 vdb entry
http://securitytracker.com/id?1016115 vdb entry
http://secunia.com/advisories/19939 third party advisory
http://secunia.com/secunia_research/2006-46/advisory/
http://securitytracker.com/id?1016065 vdb entry
http://www.vupen.com/english/advisories/2006/1835 vdb entry
http://securitytracker.com/id?1016088 vdb entry
http://www.vupen.com/english/advisories/2006/3495 vdb entry
http://secunia.com/advisories/19967 third party advisory vendor advisory
http://secunia.com/secunia_research/2006-27/ vendor advisory
http://securitytracker.com/id?1016177 vdb entry
http://securitytracker.com/id?1016114 vdb entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/26272 vdb entry
http://secunia.com/secunia_research/2006-50/advisory/
http://www.securityfocus.com/archive/1/432579/100/0/threaded mailing list
http://secunia.com/advisories/19931 third party advisory
http://secunia.com/secunia_research/2006-36/advisory vendor advisory
http://secunia.com/secunia_research/2006-28/advisory vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26447 vdb entry
http://secunia.com/advisories/19975 third party advisory vendor advisory
http://www.vupen.com/english/advisories/2006/1775 vdb entry
http://secunia.com/advisories/16479 third party advisory patch vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26385 vdb entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/26116 vdb entry
http://www.securityfocus.com/archive/1/436639/100/0/threaded mailing list
http://www.vupen.com/english/advisories/2006/1611 vdb entry
http://www.vupen.com/english/advisories/2006/1681 vdb entry
http://www.securityfocus.com/archive/1/433693/100/0/threaded mailing list
http://www.vupen.com/english/advisories/2006/2184 vdb entry
http://www.vupen.com/english/advisories/2006/1577 vdb entry
http://secunia.com/secunia_research/2006-33/advisory/ vendor advisory
http://secunia.com/secunia_research/2006-29/advisory/ vendor advisory
http://www.securityfocus.com/archive/1/434234/100/0/threaded mailing list
http://secunia.com/advisories/19938 third party advisory vendor advisory
http://secunia.com/advisories/19581 third party advisory vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26302 vdb entry
http://www.vupen.com/english/advisories/2006/1694 vdb entry
http://secunia.com/advisories/20270 third party advisory
http://secunia.com/advisories/19890 third party advisory vendor advisory
http://secunia.com/advisories/19977 third party advisory vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26142 vdb entry
http://secunia.com/secunia_research/2006-38/advisory vendor advisory
http://secunia.com/advisories/19596 third party advisory
http://secunia.com/secunia_research/2005-41/advisory/
http://securitytracker.com/id?1016066 vdb entry
http://www.securityfocus.com/archive/1/440303/100/0/threaded mailing list
http://secunia.com/advisories/19458 third party advisory vendor advisory
http://secunia.com/secunia_research/2006-25/advisory vendor advisory
http://securitytracker.com/id?1016012 vdb entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/26736 vdb entry
http://secunia.com/secunia_research/2006-32/advisory/
http://secunia.com/advisories/19454 third party advisory vendor advisory
http://www.securityfocus.com/archive/1/433258/100/0/threaded mailing list
http://secunia.com/secunia_research/2006-30/advisory vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26315 vdb entry
http://www.securityfocus.com/archive/1/432357/100/0/threaded mailing list
http://www.osvdb.org/25129 vdb entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/27763 vdb entry
http://secunia.com/advisories/19834 third party advisory vendor advisory
http://www.securityfocus.com/archive/1/434011/100/0/threaded mailing list
https://exchange.xforce.ibmcloud.com/vulnerabilities/28787 vdb entry
http://www.securityfocus.com/archive/1/433352/100/0/threaded mailing list
http://secunia.com/advisories/20009 third party advisory vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26480 vdb entry
http://www.vupen.com/english/advisories/2006/2047 vdb entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/26168 vdb entry
http://www.securityfocus.com/bid/14759 vdb entry
http://www.vupen.com/english/advisories/2006/1836 vdb entry
http://securitytracker.com/id?1016257 vdb entry
http://secunia.com/advisories/19612 third party advisory
http://www.vupen.com/english/advisories/2006/1565 vdb entry
http://www.vupen.com/english/advisories/2006/1725 vdb entry
http://securitytracker.com/id?1015852 vdb entry
http://marc.info/?l=bugtraq&m=112621008228458&w=2 mailing list

Frequently Asked Questions

What is the severity of CVE-2005-2856?
CVE-2005-2856 has been scored as a high severity vulnerability.
How to fix CVE-2005-2856?
To fix CVE-2005-2856, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2005-2856 being actively exploited in the wild?
It is possible that CVE-2005-2856 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~22% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.