Estsoft

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-43665 1Estsoft 1Alyac Nov 21, 2024 Feb 2, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger t...Show more A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2022-32543 1Estsoft 1Alyac Nov 21, 2024 Aug 5, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow which can result in arbitrary code execution. An attacker can...Show more An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2022-29886 1Estsoft 1Alyac Nov 21, 2024 Aug 5, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can...Show more An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2022-21147 1Estsoft 1Alyac Nov 21, 2024 May 12, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan...Show more An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2019-12810 1Estsoft 1Alsee Nov 21, 2024 Aug 30, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a...Show more A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code.Show less
CVE-2019-12808 1Estsoft 1Altools Nov 21, 2024 Aug 13, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulne...Show more ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges.Show less
CVE-2019-12807 1Estsoft 1Alzip Nov 21, 2024 Aug 13, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-c...Show more Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code.Show less
CVE-2018-5196 1Estsoft 1Alzip Nov 21, 2024 Dec 21, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution.
CVE-2018-10027 1Estsoft 1Alzip Nov 21, 2024 May 17, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Cod...Show more ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders.Show less
CVE-2017-11323 1Estsoft 1Alzip May 13, 2026 Aug 19, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename.
CVE-2014-8494 1Estsoft 1Alupdate May 6, 2026 Nov 3, 2014 N/A· v4 N/A· v3 4.6 MEDIUM· v2 ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) for the (1) AlUpdate folder and (2) AlUpdate.exe, which allows local users to gain privileges via a Trojan horse file.
CVE-2010-5211 1Estsoft 1Alsee Apr 29, 2026 Sep 6, 2012 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Untrusted search path vulnerability in ALSee 6.20.0.1 allows local users to gain privileges via a Trojan horse patchani.dll file in the current working directory, as demonstrated by a directory that contains a .ani, .bmp...Show more Untrusted search path vulnerability in ALSee 6.20.0.1 allows local users to gain privileges via a Trojan horse patchani.dll file in the current working directory, as demonstrated by a directory that contains a .ani, .bmp, .cal, .hdp, .jpe, .mac, .pbm, .pcx, .pgm, .png, .psd, .ras, .tga, or .tiff file. NOTE: some of these details are obtained from third party information.Show less
CVE-2012-0315 1Estsoft 1Alftp Apr 29, 2026 Feb 22, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by exec...Show more Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file.Show less
CVE-2011-1336 1Estsoft 1Alzip Apr 29, 2026 Jul 7, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file.
CVE-2008-2702 1Estsoft 1Alftp Apr 23, 2026 Jun 13, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a relat...Show more Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.Show less
CVE-2006-2899 1Estsoft 1Internetdisk Apr 16, 2026 Jun 7, 2006 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Unspecified vulnerability in ESTsoft InternetDISK versions before 2006/04/20 allows remote authenticated users to execute arbitrary code, possibly by uploading a file with multiple extensions into the WebLink directory.
CVE-2005-3194 1Estsoft 1Alzip Apr 16, 2026 Oct 14, 2005 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XX...Show more Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive.Show less