PT-2018-16791 · Estsoft · Alzip

Publicado

2018-12-21

Atualizado

2020-08-24

CVE-2018-5196

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Alzip versions 10.76.0.0 and earlier

Description The issue is caused by improper bounds checking, leading to a stack overflow. This can be exploited by persuading a victim to open a specially-crafted LZH archive file, potentially allowing an attacker to execute arbitrary code.

Recommendations For versions 10.76.0.0 and earlier, update to a version that includes proper bounds checking to prevent the stack overflow and arbitrary code execution.

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

CVE-2018-5196

Produtos afetados

Alzip

PT-2018-16791 · Estsoft · Alzip

CVE-2018-5196

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4