CVE-2005-2856 – Total Commander 6.x - 'unacev2.dll' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2005-2856
Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421, (7) PowerArchiver before 9.61, (8) UltimateZip 2.7,1, 3.0.3, and 3.1b, (9) Where Is It (WhereIsIt) 3.73.501, (10) FilZip 3.04, (11) IZArc 3.5 beta3, (12) Eazel 1.0, (13) Rising Antivirus 18.27.21 and earlier, (14) AutoMate 6.1.0.0, (15) BitZipper 4.1 SR-1, (16) ZipTV, and other products, allows user-assisted attackers to execute arbitrary code via a long filename in an ACE archive. • https://www.exploit-db.com/exploits/1633 http://marc.info/?l=bugtraq&m=112621008228458&w=2 http://secunia.com/advisories/16479 http://secunia.com/advisories/19454 http://secunia.com/advisories/19458 http://secunia.com/advisories/19581 http://secunia.com/advisories/19596 http://secunia.com/advisories/19612 http://secunia.com/advisories/19834 http://secunia.com/advisories/19890 http://secunia.com/advisories/19931 http://secunia.com/advisories/19938 http://secunia.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2005-2694 – WinAce 2.6.0.5 - Temporary File Parsing Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-2694
Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, allows remote attackers to execute arbitrary code via a temporary (.tmp) file that contains an entry with a long file name. • https://www.exploit-db.com/exploits/1168 http://marc.info/?l=bugtraq&m=112447630109392&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/21941 •