8.5.1

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

estsoft

CWE-787

NVD

Published: 2018-12-21

Updated: 2020-08-24

Summary

Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution.

Vulnerable Configurations

Part	Description	Count
Application	Estsoft Estsoft Alzip 8.5.1 Estsoft Alzip 10.76.0.0	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=27688
https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1677&page=2&t=