CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.1%
ALZip is a file compression/extraction software from ESTsoft Japan Corp. ALZip contains a buffer overflow vulnerability due to improper handling of mim files.
When opening a specially crafted file, arbitrary code may be executed.
Re-install the software
Download ALZip 8.21 after June 29, 2011 12:00 (JST) from the developer’s website, and then re-install it.
According to the developer, “Automatic updates will not be provided since the version number did not change”.
In the fixed version, the Readme file contains a statement, “A fix for a issue when unpacking a specific file type”