CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile: 98.1%
Added: 08/09/2011
CVE: CVE-2011-1336
BID: 48493
OSVDB: 73684
ESTsoft ALZip is a Windows-based file compression program that can unzip 40 different zip file archives. ALZip can zip files into 8 different archives such as ZIP, EGG, TAR and others.
ESTsoft ALZip 8.21 and earlier is vulnerable to a stack buffer overflow in **libETC.dll** due to improper parsing of the **filename** or **name** parameter within **MIM** file headers if an overly long filename is provided. A remote attacker can exploit this vulnerability to execute arbitrary code by enticing a user to open a specially crafted **MIM** file in a vulnerable version of ALZip.
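One way to triage incoming MIM files for the condition described above, as an added example that is not part of the original advisory or any vendor code: it unfolds the MIME headers and flags `name` / `filename` parameters longer than a threshold. The 255-character limit, the function names and the sample bytes are assumptions made for illustration.

```python
import re

# Assumption: 255 characters is the longest file name component Windows
# accepts, so a longer name/filename parameter is treated as suspicious.
MAX_NAME_LEN = 255
WATCHED = (b"content-type", b"content-disposition")
# name= / filename= parameter, quoted or bare, inside one unfolded header.
PARAM_RE = re.compile(
    rb'(?<![\w-])(filename|name)\s*=\s*(?:"([^"]*)"?|([^;\s]*))', re.I)

def unfolded_headers(data):
    """Yield logical header lines, joining folded continuation lines."""
    current = None
    for line in data.splitlines():
        if line[:1] in (b" ", b"\t") and current is not None:
            current += b" " + line.strip()
            continue
        if current is not None:
            yield current
        # Any "Field: value" line may start a header (nested parts included).
        current = line if b":" in line else None
    if current is not None:
        yield current

def scan_mim(data, limit=MAX_NAME_LEN):
    """Return (header, parameter, length) for every over-long name value."""
    findings = []
    for header in unfolded_headers(data):
        field = header.split(b":", 1)[0].strip().lower()
        if field not in WATCHED:
            continue
        for m in PARAM_RE.finditer(header):
            value = m.group(2) if m.group(2) is not None else m.group(3)
            if len(value) > limit:
                findings.append(
                    (field.decode(), m.group(1).decode().lower(), len(value)))
    return findings

# Constructed sample: a folded Content-Type header with a 600-byte name.
SAMPLE = (b"MIME-Version: 1.0\r\n"
          b"Content-Type: application/octet-stream;\r\n"
          b'\tname="' + b"A" * 600 + b'"\r\n'
          b'Content-Disposition: attachment; filename="report.txt"\r\n'
          b"\r\nSGVsbG8=\r\n")

if __name__ == "__main__":
    for field, param, length in scan_mim(SAMPLE):
        print(f"suspicious {param} in {field}: {length} bytes")
```

A scanner like this can sit in a mail gateway or file-intake pipeline to quarantine archives before a user opens them in an unpatched ALZip.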
Upgrade to the 2011-06-09 release of ESTsoft ALZip version 8.21 (fixed without version number change), or a higher version.
<http://secunia.com/advisories/45108/>
Exploit works on ESTsoft ALZip 8.12 and the target user must open the exploit file in a vulnerable version of ALZip.
Windows