PT-2014-4885 · Izsoftware · Izarc

Published: 2014-05-27 · Updated: 2014-05-29 · CVE-2014-2720

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

IZArc version 4.1.8

Description

The issue allows user-assisted remote attackers to conduct file-extension spoofing attacks. This is achieved by modifying the Central Directory in a ZIP archive to display a different file extension than the one in the local file header, potentially leading to unintended code execution. For example, a file with a .jpg extension in the Central Directory and a .exe extension in the local file header could be used to prompt unintended code execution.

Recommendations

For IZArc version 4.1.8, consider updating to a newer version that addresses this issue, as no specific workaround is provided for this version. If no update is available, as a temporary workaround, consider verifying the file extensions of files within ZIP archives to ensure they match the expected type before opening them.
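
The verification suggested in the recommendation, as an added example (not code from this advisory or from IZArc): a Python script that compares each entry's Central Directory name with the name stored in its local file header and reports any that disagree. The function names are this example's own.

```python
import struct
import sys
import zipfile

LOCAL_SIG = b"PK\x03\x04"
# Fixed 30-byte local file header: signature, version, flags, method, time,
# date, CRC-32, compressed size, uncompressed size, name length, extra length.
LOCAL_HDR = struct.Struct("<4s5H3L2H")


def read_local_name(raw, offset):
    """Return the file name in the local file header at offset, or None."""
    raw.seek(offset)
    fixed = raw.read(LOCAL_HDR.size)
    if len(fixed) < LOCAL_HDR.size:
        return None                      # truncated archive
    fields = LOCAL_HDR.unpack(fixed)
    if fields[0] != LOCAL_SIG:
        return None                      # offset does not point at a local header
    name = raw.read(fields[9])
    # General-purpose flag bit 11 marks a UTF-8 name; otherwise CP437.
    return name.decode("utf-8" if fields[2] & 0x800 else "cp437", "replace")


def find_name_mismatches(raw):
    """Compare Central Directory names with local file header names.

    raw is a seekable binary file object. Returns a list of
    (central_directory_name, local_header_name) for entries that disagree;
    local_header_name is None when the local header could not be read.
    """
    with zipfile.ZipFile(raw) as zf:     # zipfile lists names from the Central Directory
        entries = [(i.orig_filename, i.header_offset) for i in zf.infolist()]
    mismatches = []
    for central, offset in entries:
        local = read_local_name(raw, offset)
        if local != central:
            mismatches.append((central, local))
    return mismatches


if __name__ == "__main__":
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as fh:
            for central, local in find_name_mismatches(fh):
                print(f"MISMATCH: listed as {central!r}, local header says {local!r}")
    else:
        print("usage: check_zip_names.py ARCHIVE.zip")
```

An archive that produces any mismatch line should be treated as suspect and not opened from the archiver's file listing.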

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2014-2720

Affected Products

Izarc