PT-2007-5881 · Akky+2 · Akkywarehouse+1
Akky
·
Published
2007-09-05
·
Updated
2020-09-17
·
CVE-2007-4725
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
AkkyWareHOUSE versions prior to 4.42.00.04
Description:
The issue allows user-assisted remote attackers to execute arbitrary code via a long filename in an archive, leading to a heap-based buffer overflow. This occurs due to a stack consumption vulnerability in the 7-zip32.dll component.
Recommendations:
For versions prior to 4.42.00.04, update to version 4.42.00.04 or later to resolve the issue. As a temporary workaround, consider avoiding the use of long filenames in archives to minimize the risk of exploitation.
Exploit
Fix
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
7-Zip
Akkywarehouse