Lucene search

[email protected]CVE-2010-2434

HistoryJun 25, 2010 - 6:30 p.m.

CVE-2010-2434

2010-06-2518:30:01

CWE-120

[email protected]

web.nvd.nist.gov

cve-2010-2434

buffer overflow

arcext.dll

remote code execution

lzh lha file

exploitation

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

Low

0.101 Low

EPSS

Percentile

95.0%

JSON

Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software Explzh 5.62 and earlier allows remote attackers to execute arbitrary code via an LZH LHA file with a crafted header that is not properly handled during expansion.

Affected configurations

NVD

Node

ponsoftwareexplzhRange≤5.62

CPENameOperatorVersion
ponsoftware:explzhponsoftware explzhle5.62

CPE	Name	Operator	Version
ponsoftware:explzh	ponsoftware explzh	le	5.62

References

jvn.jp/en/jp/JVN34729123/index.html

jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000026.html

osvdb.org/65666

secunia.com/advisories/40324

www.ponsoftware.com/archiver/bug.htm#lzh_bufover

www.securityfocus.com/bid/41025

exchange.xforce.ibmcloud.com/vulnerabilities/59624

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

Low

0.101 Low

EPSS

Percentile

95.0%

JSON

Related for CVE-2010-2434

nvd1 cvelist1 prion1