Strix
26.1K

CVE-2006-3985

UnknownEPSS 4.34%

Last modified

CVE-2006-3985 is a vulnerability of currently unknown severity. Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerArchiver 9.62.03 allows user-assisted attackers to execute arbitrary code by adding a new file to a crafted ZIP archive that already contains a file with a long name.. EPSS estimates a 4.34% chance of exploitation in the next 30 days.

Description

Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerArchiver 9.62.03 allows user-assisted attackers to execute arbitrary code by adding a new file to a crafted ZIP archive that already contains a file with a long name.

Metrics

EPSS Probability
4.34%

90.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
ConexwarePowerarchiver<= 9.62.03
ConexwarePowerarchiver8.10
ConexwarePowerarchiver8.60
ConexwarePowerarchiver9.5_beta_4
ConexwarePowerarchiver9.5_beta_5
ConexwarePowerarchiver9.25

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2006-3985?
Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerArchiver 9.62.03 allows user-assisted attackers to execute arbitrary code by adding a new file to a crafted ZIP archive that already contains a file with a long name.
How severe is CVE-2006-3985?
Severity scoring for CVE-2006-3985 is pending analysis. The EPSS model estimates a 4.34% probability of exploitation in the next 30 days.
How do I fix CVE-2006-3985?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-3985?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST