{"vuid":"VU#215006","idnumber":"215006","name":"unace buffer overflow vulnerability","keywords":["unace","buffer overflow","ACE archives","unacev2.dll"],"overview":"A buffer overflow in the unace compression library may allow a remote attacker to execute arbitrary code.","clean_desc":"The unace compression library is used to decompress ace archives (*.ace file extension). A lack of input validation on filenames in an ace archive may allow a buffer overflow to occur. If an attacker supplies the unace library with a specially crafted compressed ace archive, that attacker may be able to trigger the buffer overflow and, consequently, execute arbitrary code with the privileges of the application linked to unace.","impact":"If a remote attacker can convince a user to access a specially crafted ace archive, that attacker may be able to execute arbitrary code. In addition, this vulnerability may prevent security software, such as anti-virus software, from detecting a malicious ace archive.","resolution":"Apply patches from your vendor \nThe unace compression library is freely available and used by many vendors in a wide variety of applications. As a result, any one of these applications may contain this vulnerability. Users are encouraged to contact their vendors to determine if they are vulnerable and what action to take.","workarounds":"Do not accept ace archives from untrusted sources Exploitation occurs by accessing a specially crafted ace archive. By only accessing ace archives from trusted or known sources, the chances of exploitation are reduced.","sysaffected":"","thanks":"This vulnerability was reported by Ulf Harnhammar.","author":"This document was written by Jeff Gennari.","public":["http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031908.html","http://lists.suse.com/archive/suse-security-announce/2005-Jun/0006.html","http://secunia.com/advisories/14359/","http://securitytracker.com/alerts/2005/Jul/1014544.html","http://secunia.com/advisories/15776/","http://secunia.com/advisories/15674/"],"cveids":["CVE-2005-0160"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-02-23T17:40:03Z","publicdate":"2005-02-22T00:00:00Z","datefirstpublished":"2005-09-21T12:35:57Z","dateupdated":"2005-10-28T18:05:04Z","revision":59,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"10","cam_impact":"16","cam_easeofexploitation":"10","cam_attackeraccessrequired":"10","cam_scorecurrent":"4.5","cam_scorecurrentwidelyknown":"6","cam_scorecurrentwidelyknownexploited":"12","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":4.5,"vulnote":null}