Estsoft · Alzip · CVE-2018-10027
Name of the Vulnerable Software and Affected Versions:
ESTsoft ALZip versions prior to 10.76
Description:
The issue allows local users to execute arbitrary code by creating a malicious .DLL file and installing it in specific directories, including %PROGRAMFILES%ESTsoftALZipFormats, %PROGRAMFILES%ESTsoftALZipCoders, %PROGRAMFILES(X86)%ESTsoftALZipFormats, or %PROGRAMFILES(X86)%ESTsoftALZipCoders.
Recommendations:
For versions prior to 10.76, update to version 10.76 or later to resolve the issue. As a temporary workaround, consider restricting access to the specified directories to minimize the risk of exploitation.