16 matches found
EUVD-2007-3496
Malware in sbrugna...
EUVD-2007-3365
Malware in sbrugna...
Lhaca LHZ Archive Extended Header Size Processing Buffer Overflow Vulnerability
Overview Lhaca does not process an LHZ archive with an invalid Extended Header Size properly, which could lead to buffer overflow. This problem is reported to be different from the issue identified in JVNDB-2007-000492 CVE-2007-3375. Impact An attacker could execute arbitrary code. Solution Pleas...
VulnCheck KEV: CVE-2007-3375
Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as Trojan.Lhdropper...
Lhaca buffer overflow vulnerability
Overview The Lhaca archiving program contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description LHA is an archive file format. LHA is used by the Lhaca compression utility.A stack buffer overflow vulnerability exists in the Lhaca program. This...
Lhaca LZH文档畸形Extended Header Size值栈缓冲区溢出漏洞
Lhaca是一款由日本开发的免费文档压缩解压工具。 Lhaca在处理畸形的LHA文档时存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞通过诱使用户处理恶意文件控制用户机器。 Lhaca没有充分地验证从LHA文件读取的Extended Header Size值便将其拷贝到了Extended Header Data字节数的栈缓冲区,如果Extended Header Size值大于255的话就可能触发缓冲区溢出,导致执行任意指令;此外由于没有正确地使用strncpy还可能导致进一步覆盖该缓冲区。有漏洞的函数如下: function40D974FILE fp, char outbuffer cha...
CVE-2007-3512
Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a different issue than CVE-2007-3375...
Stack overflow
Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a different issue than CVE-2007-3375...
CVE-2007-3512
Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a different issue than CVE-2007-3375...
CVE-2007-3512
CVE-2007-3512 refers to a stack-based buffer overflow in the Lhaca File Archiver’s processing of LHZ archives. The vulnerability occurs when handling a large LHA “Extended Header Size” value, which can allow a user‑assisted remote attacker to execute arbitrary code. The JVNDB entry notes the issu...
Lhaca LZH文档处理栈溢出漏洞
Lhaca是一款由日本开发的免费文档压缩解压工具。 Lhaca的文件归档器没有正确的解压.LZH文档,如果用户受骗打开了恶意压缩文档的话,就可能触发栈溢出,导致执行任意指令。 目前这个漏洞正在被名为Trojan.Lhdropper的木马积极的利用。 Lhaca 1.20 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://park8.wakwak.com/app/Lhaca/...
Lhaca文件档未明堆栈缓冲区溢出漏洞
Lhaca是一款解压缩软件。 Lhaca处理恶意LZH档文件存在未明堆栈缓冲区溢出,远程攻击者可以利用漏洞可能以应用程序进程权限执行任意指令。 目前没有详细漏洞细节提供。 Lhaca Lhaca 1.40 Lhaca Lhaca 1.20 目前没有解决方案提供: http://park8.wakwak.com/app/Lhaca/...
CVE-2007-3375
Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as Trojan.Lhdropper...
Stack overflow
Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as Trojan.Lhdropper...
CVE-2007-3375
CVE-2007-3375: Lhaca File Archiver before 1.21 is affected by a stack-based buffer overflow in a crafted LZH archive, allowing user-assisted remote code execution. The vulnerability is exploited by malware such as Trojan.Lhdropper. Impact details indicate arbitrary code execution with user intera...
CVE-2007-3375
Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as Trojan.Lhdropper...