jvn: Japan Vulnerability Notes, JVN:01547302
History: Jun 29, 2011 - 12:00 a.m.

JVN#01547302: ALZip vulnerable to buffer overflow

2011-06-29 00:00:00
Japan Vulnerability Notes
jvn.jp

CVSS2: 9.3

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.696 (Percentile: 98.1%)

ALZip is file compression/extraction software from ESTsoft Japan Corp. ALZip contains a buffer overflow vulnerability due to improper handling of mim files.

Impact

When opening a specially crafted file, arbitrary code may be executed.

Solution

Re-install the software
Download ALZip 8.21 after June 29, 2011 12:00 (JST) from the developer’s website, and then re-install it.

According to the developer, “Automatic updates will not be provided since the version number did not change.”
In the fixed version, the Readme file contains the statement “A fix for a issue when unpacking a specific file type”.

Products Affected

  • ALZip v8.21 and earlier
    According to the developer, copies of version 8.21 that were downloaded prior to June 29, 2011 are affected by this issue.
