CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-2384

Directory traversal vulnerability in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to write arbitrary files via an ACE archive containing filenames with (1) .. or (2) absolute pathnames.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.025

EPSS Ranking 84.6%

CVSS Severity

CVSS v2 Score 5.0

References

http://secunia.com/advisories/15776
http://secunia.com/secunia_research/2005-20/advisory/
http://securitytracker.com/id?1014544
http://www.avast.com/eng/av4_revision_history.html
http://secunia.com/advisories/15776
http://secunia.com/secunia_research/2005-20/advisory/
http://securitytracker.com/id?1014544
http://www.avast.com/eng/av4_revision_history.html

Products affected by CVE-2005-2384

Alwil » Avast Antivirus » Version: 4.6.460

cpe:2.3:a:alwil:avast_antivirus:4.6.460
Alwil » Avast Antivirus » Version: 4.6.665

cpe:2.3:a:alwil:avast_antivirus:4.6.665

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-2384

Products

Pricing

Contact Us