CVE-2018-5196

Published: Dec 21, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution.

Affected (1)

Products: Estsoft: Alzip

Estsoft

1 product

Alzip

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Estsoft Alzip	Up to 10.76.0.0

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1677&page=2&t=

Source: vuln@krcert.or.kr

Vendor Advisory

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=27688

Source: vuln@krcert.or.kr

Third Party Advisory

https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1677&page=2&t=

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=27688

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.