1. CVE-Search
  2. CVE-2010-2801
ID CVE-2010-2801
Summary Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.
References
Vulnerable Configurations
  • cpe:2.3:a:cabextract_project:cabextract:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract_project:cabextract:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract_project:cabextract:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract_project:cabextract:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract_project:cabextract:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract_project:cabextract:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract_project:cabextract:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract_project:cabextract:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract_project:cabextract:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cabextract_project:cabextract:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:cabextract_project:cabextract:1.2:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 26-04-2021 - 11:45)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 42173
confirm
debian DSA-2087
mlist
  • [oss-security] 20100802 CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode
  • [oss-security] 20100802 Re: CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode
vupen
  • ADV-2010-1903
  • ADV-2010-1997
xf cabextract-archive-code-execution(60891)
Last major update 26-04-2021 - 11:45
Published 09-08-2010 - 11:58
Last modified 26-04-2021 - 11:45
Back to Top