8.5.1

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

estsoft

CWE-787

NVD

Published: 2018-12-21

Updated: 2020-08-24

Summary

Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution.

Vulnerable Configurations

Part	Description	Count
Application	Estsoft Estsoft Alzip 8.5.1 Estsoft Alzip 10.76.0.0	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1677&page=2&t=
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=27688