ALZip version 8.51 suffers from buffer overflow and file creation vulnerabilities.
c12e8fcc5c3c680d7dde2ca1257975ec8e0e2540c23524db4d6266b0322dd514[Suggested description]
Buffer overflow in ALZip 8.51 and earlier allows remote attackers to
execute arbitrary code via a crafted DosDevice file.
------------------------------------------
[Additional Information]
To reproduce this issue, create a file named "AUX.3.2.1.e.pwned" using
normal user CMD via following syntax: type AUX >
\\.\C:\ProgramData\AUX.3.2.1.e.PWNED
later you will find that AUX.3.2.1.e.PWNED file has created in
C:\ProgramData folder.
If you just simply "right-click" that file, ALZip's file compression will
cause Stack buffer overflow which allows remote attackers to execute
arbitrary code.
------------------------------------------
[Vulnerability Type]
Buffer Overflow
------------------------------------------
[Vendor of Product]
ESTsoft
------------------------------------------
[Affected Product Code Base]
ALZip - 8.51
------------------------------------------
[Affected Component]
file compression
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Attack Vectors]
via a crafted DosDevice file
------------------------------------------
[Discoverer]
James Lee
Use CVE-2017-11323.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed