JVN#18774708: Lhaplus may insecurely load executable files

ID JVN:18774708
Type jvn
Reporter Japan Vulnerability Notes
Modified 2010-10-20T00:00:00


## Description

Lhaplus is a file compression/extraction software supporting multiple file formats. Lhaplus loads certain executables (.exe) when extracting files. Lhaplus contains an issue with the file search path, which may insecurely load executables.

## Impact

An attacker may execute arbitrary code with the privilege of running the application.

## Solution

Update the Software
Update to the latest version according to the information provided by the developer.

## Products Affected

  • Lhaplus Version 1.57 and earlier