Summary
Detail | |||
---|---|---|---|
Vendor | Estsoft | First view | 2005-10-14 |
Product | Alzip | Last view | 2019-08-13 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.8 | 2019-08-13 | CVE-2019-12807 | Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code. |
7.8 | 2018-12-21 | CVE-2018-5196 | Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution. |
7.8 | 2018-05-17 | CVE-2018-10027 | ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders. |
7.8 | 2017-08-19 | CVE-2017-11323 | Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename. |
9.3 | 2011-07-07 | CVE-2011-1336 | Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file. |
5.1 | 2005-10-14 | CVE-2005-3194 | Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
40% (2) | CWE-787 | Out-of-bounds Write |
40% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
20% (1) | CWE-426 | Untrusted Search Path |
SAINT Exploits
Description | Link |
---|---|
ESTsoft ALZip MIM File Handling Buffer Overflow | More info here |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
73684 | ALZip MIM File Handling Overflow |
19890 | ALZip ARJ/ZIP/UUE/XXE Archive Handling Overflow |
19889 | ALZip ALZ Archive Handling Overflow |
OpenVAS Exploits
id | Description |
---|---|
2011-07-15 | Name : ALZip MIM File Processing Buffer Overflow Vulnerability File : nvt/gb_alzip_mim_bof_vuln.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | ESTsoft ALZip MIM file buffer overflow attempt RuleID : 24083 - Type : FILE-OTHER - Revision : 8 |
2014-01-10 | ESTsoft ALZip MIM file buffer overflow attempt RuleID : 20034 - Type : FILE-OTHER - Revision : 17 |