Unrated severityNVD Advisory· Published Jun 16, 2006· Updated Apr 16, 2026

CVE-2006-2909

Description

Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive.

Affected products

Picozip/Picozip
cpe:2.3:a:picozip:picozip:4.01:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/20481nvdPatchVendor Advisory
secunia.com/secunia_research/2006-42/advisory/nvdPatchVendor Advisory
www.securityfocus.com/bid/18425nvdPatch
securityreason.com/securityalert/1104nvd
securitytracker.com/idnvd
www.osvdb.org/26447nvd
www.picozip.com/changelog.htmlnvd
www.securityfocus.com/archive/1/437103/100/0/threadednvd
www.securityfocus.com/archive/1/437450/100/100/threadednvd
www.vupen.com/english/advisories/2006/2330nvd
exchange.xforce.ibmcloud.com/vulnerabilities/27096nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.021
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000