4.6.665

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

alwil

NVD

Published: 2005-07-27

Updated: 2008-09-05

Summary

Directory traversal vulnerability in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to write arbitrary files via an ACE archive containing filenames with (1) .. or (2) absolute pathnames.

Vulnerable Configurations

Part	Description	Count
Application	Alwil Alwil Avast Antivirus 4.6.665 Alwil Avast Antivirus 4.6.460	3

References

http://secunia.com/secunia_research/2005-20/advisory/
http://www.avast.com/eng/av4_revision_history.html
http://secunia.com/advisories/15776
http://securitytracker.com/id?1014544