6 matches found
CVE-2011-1336
CVE-2011-1336 affects ESTsoft ALZip ≤ 8.21. The vulnerability is a stack buffer overflow in the libETC.dll caused by parsing the filename/name fields in MIM headers. A remote attacker can trigger arbitrary code execution by convincing a user to open a crafted MIM file. Remediation: upgrade to ALZ...
CVE-2017-11323
CVE-2017-11323 affects ESTsoft ALZip 8.51 and earlier. The root cause is a stack-based buffer overflow in the handling of MS-DOS device files, exploitable remotely when a crafted filename begins with substrings like AUX. Reported impact is arbitrary code execution with the attacker likely remote,...
CVE-2018-10027
ESTsoft ALZip (Windows) before version 10.76 is affected. Local attackers can execute arbitrary code by placing a malicious DLL in specific ALZip directories (%PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, and their 32‑bit equivalents) and installing it. Root cause is ...
CVE-2018-5196
The CVE-2018-5196 entry affects ESTsoft ALZip (versions 10.76.0.0 and earlier). The root cause is a stack overflow caused by improper bounds checking when handling specially crafted LZH archives. Exploitation wording from multiple sources indicates that convincing a user to open a malicious LZH f...
CVE-2019-12807
CVE-2019-12807 affects ESTsoft Alzip 10.83 and earlier. The vulnerability is a stack-based buffer overflow caused by improper bounds checking when parsing a crafted ISO archive file. By convincing a user to open a specially crafted ISO, an attacker could execute arbitrary code on the affected sys...
CVE-2005-3194
CVE-2005-3194 affects ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English). The vulnerability is described as multiple buffer overflows that allow remote attackers to execute arbitrary code via a long filename inside compressed archives (ALZ, ARJ, ZIP, UUE, XXE). Connected sources reitera...