4 matches found
CVE-2022-29886
ESTsoft Alyac 2.5.8.544 is affected by CVE-2022-29886 due to an integer overflow when parsing OLE files, causing a heap-based buffer overflow that can lead to arbitrary code execution. TALOS confirms the vulnerability occurs when processing the OLE header’s Number of Mini FAT sectors; an overflow...
CVE-2022-32543
ESTsoft Alyac 2.5.8.544 is affected by an integer overflow in OLE file parsing that causes a heap buffer overflow and can enable arbitrary code execution when a user opens a specially crafted OLE file. Talos/TALOS-2022-1527 details show the overflow occurs during heap allocation: a 32-bit truncat...
CVE-2022-21147
ESTsoft Alyac 2.5.7.7 contains an out-of-bounds read in the malware scan module (coen.aym) used when parsing PE files, which can crash Alyac and effectively stop the malware scan. TALOS confirms the vulnerability exists in the Alyac PE scanning path and identifies the exact module path and a loop...
CVE-2022-43665
ESTsoft Alyac 2.5.8.645 is affected by CVE-2022-43665 due to a denial-of-service caused by an NT header out-of-bounds read in the malware-scanning path. Talos details show the crash occurs while Alyac analyzes a PE file, specifically when GetTextSectionRange interacts with the NT header after par...