Estsoft Alzip

This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor	Estsoft	First view	2005-10-14
Product	Alzip	Last view	2019-08-13
Version		Type
Update
Edition
Language
Sofware Edition
Target Software
Target Hardware
Other

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name	Affected CVE
cpe:2.3:a:estsoft:alzip:6.1_international:::::::*	6
cpe:2.3:a:estsoft:alzip:6.12_korean:::::::*	6
cpe:2.3:a:estsoft:alzip:5.52_english:::::::*	6
cpe:2.3:a:estsoft:alzip:8.21:::::::*	5
cpe:2.3:a:estsoft:alzip:8.12:::::::*	5
cpe:2.3:a:estsoft:alzip:8.0:::::::*	5
cpe:2.3:a:estsoft:alzip::::::::	5
cpe:2.3:a:estsoft:alzip:10.76.0.0::~~~windows~~:::::	2
cpe:2.3:a:estsoft:alzip:10.83:::::::*	1

Related : CVE

	Date	Alert	Description
7.8	2019-08-13	CVE-2019-12807	Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code.
7.8	2018-12-21	CVE-2018-5196	Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution.
7.8	2018-05-17	CVE-2018-10027	ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders.
7.8	2017-08-19	CVE-2017-11323	Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename.
9.3	2011-07-07	CVE-2011-1336	Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file.
5.1	2005-10-14	CVE-2005-3194	Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive.

CWE : Common Weakness Enumeration

%	id	Name
40% (2)	CWE-787	Out-of-bounds Write
40% (2)	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
20% (1)	CWE-426	Untrusted Search Path

SAINT Exploits

Description	Link
ESTsoft ALZip MIM File Handling Buffer Overflow	More info here

Open Source Vulnerability Database (OSVDB)

id	Description
73684	ALZip MIM File Handling Overflow
19890	ALZip ARJ/ZIP/UUE/XXE Archive Handling Overflow
19889	ALZip ALZ Archive Handling Overflow

OpenVAS Exploits

id	Description
2011-07-15	Name : ALZip MIM File Processing Buffer Overflow Vulnerability File : nvt/gb_alzip_mim_bof_vuln.nasl

Snort® IPS/IDS

Date	Description
2014-01-10	ESTsoft ALZip MIM file buffer overflow attempt RuleID : 24083 - Type : FILE-OTHER - Revision : 8
2014-01-10	ESTsoft ALZip MIM file buffer overflow attempt RuleID : 20034 - Type : FILE-OTHER - Revision : 17

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.4042s

Facebook rss twitter linkedin mail