Page 3 of 15 results (0.010 seconds)

CVSS: 9.3EPSS: 13%CPEs: 1EXPL: 0

AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the "Filename length" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute arbitrary code via a ZIP file in which this field's value is larger than the actual number of bytes in the filename. AhnLab Antivirus 3 Internet Security 2008 Platinum añade datos en una cadena de nombre de archivo en una localización indicada por el campo "Filename length" en un cabecera ZIP, lo cual permite a atacantes remotos provocar denegación de servicio (caida de máquina) y posiblemente ejecutar código de su elección a través del un archivo ZIP en el cual este valor de campo es mayor que el actual número de bytes en el nombre de archivo. • http://global.ahnlab.com/global/notice_view.ESD?fmethod=view&press_seq=803&printNum=2 http://osvdb.org/42352 http://secunia.com/advisories/27757 http://securityreason.com/securityalert/3382 http://secway.org/advisory/AD20071116.txt http://www.securityfocus.com/archive/1/483799/100/0/threaded http://www.securityfocus.com/bid/26473 http://www.securitytracker.com/id?1018977 http://www.vupen.com/english/advisories/2007/3983 https://exchange.xforce.ibmcloud.com/vulnerabilities/38514 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 8%CPEs: 3EXPL: 1

Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0.0.488, V3Net for Windows Server 6.0 before 6.0.0.488, and MyV3, with compressed file scanning enabled, allow remote attackers to execute arbitrary code via crafted (1) ALZ, (2) UUE, or (3) XXE archives. • http://global.ahnlab.com/security/security_advisory002.html http://secunia.com/advisories/16851 http://secunia.com/secunia_research/2005-48/advisory http://securityreason.com/securityalert/80 http://www.osvdb.org/19955 http://www.securityfocus.com/archive/1/413260 http://www.securityfocus.com/bid/15091 •

CVSS: 7.5EPSS: 4%CPEs: 3EXPL: 0

Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 VirusBlock 2005 build 6.0.0.383, and V3Net for Windows Server 6.0 build 6.0.0.383 allows remote attackers to execute arbitrary code via a long filname in an ACE archive. • http://info.ahnlab.com/english/advisory/01.html http://marc.info/?l=bugtraq&m=112680062609377&w=2 http://secunia.com/advisories/15674 http://secunia.com/secunia_research/2005-17/advisory http://www.securityfocus.com/bid/14844 •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

Directory traversal vulnerability in the archive decompression library in AhnLab V3Pro 2004 build 6.0.0.383, V3 VirusBlock 2005 build 6.0.0.383, and V3Net for Windows Server 6.0 build 6.0.0.383 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in a compressed archive. • http://info.ahnlab.com/english/advisory/01.html http://marc.info/?l=bugtraq&m=112680062609377&w=2 http://secunia.com/advisories/15674 http://secunia.com/secunia_research/2005-17/advisory http://www.securityfocus.com/bid/14848 •

CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0

The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusBlock 2005 Build 6.0.0.383, V3Net for Windows Server 6.0 Build 6.0.0.383 does not properly validate the source of the DeviceIoControl commands, which allows remote attackers to gain privileges. • http://info.ahnlab.com/english/advisory/01.html http://marc.info/?l=bugtraq&m=112680062609377&w=2 http://secunia.com/advisories/15674 http://www.securityfocus.com/bid/14847 https://exchange.xforce.ibmcloud.com/vulnerabilities/22297 •