Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
15 vulnerabilities found for ALZip by ESTsoft
CVE-2025-29864 (GCVE-0-2025-29864)
Vulnerability from cvelistv5 – Published: 2025-12-03 08:13 – Updated: 2025-12-03 14:22
VLAI
Summary
Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass.This issue affects ALZip: from 12.01 before 12.29.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://altools.co.kr/product/ALZIP |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T14:22:26.370340Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T14:22:34.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ALZip",
"vendor": "ESTsoft",
"versions": [
{
"changes": [
{
"at": "12.30",
"status": "unaffected"
}
],
"lessThan": "12.29",
"status": "affected",
"version": "12.01",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass.\u003cp\u003eThis issue affects ALZip: from 12.01 before 12.29.\u003c/p\u003e"
}
],
"value": "Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass.This issue affects ALZip: from 12.01 before 12.29."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Not Applicable"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T08:13:58.640Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"url": "https://altools.co.kr/product/ALZIP"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2025-29864",
"datePublished": "2025-12-03T08:13:58.640Z",
"dateReserved": "2025-03-12T07:03:23.441Z",
"dateUpdated": "2025-12-03T14:22:34.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-12807 (GCVE-0-2019-12807)
Vulnerability from cvelistv5 – Published: 2019-08-13 19:22 – Updated: 2024-08-04 23:32
VLAI
Summary
Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code.
Severity
No CVSS data available.
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.boho.or.kr/krcert/secNoticeView.do?bu… | x_refsource_MISC |
| https://www.altools.co.kr/Download/ALZip.aspx#n | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35114"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.altools.co.kr/Download/ALZip.aspx#n"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ALZIP",
"vendor": "ESTSOFT",
"versions": [
{
"status": "affected",
"version": "10.83"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T19:22:35.000Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35114"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.altools.co.kr/Download/ALZip.aspx#n"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2019-12807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ALZIP",
"version": {
"version_data": [
{
"version_value": "10.83"
}
]
}
}
]
},
"vendor_name": "ESTSOFT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35114",
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35114"
},
{
"name": "https://www.altools.co.kr/Download/ALZip.aspx#n",
"refsource": "MISC",
"url": "https://www.altools.co.kr/Download/ALZip.aspx#n"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2019-12807",
"datePublished": "2019-08-13T19:22:35.000Z",
"dateReserved": "2019-06-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:32:55.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5196 (GCVE-0-2018-5196)
Vulnerability from cvelistv5 – Published: 2018-12-21 15:00 – Updated: 2024-09-16 18:48
VLAI
Title
Alzip Stack Overflow Vulnerability
Summary
Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution.
Severity
8.8 (High)
CWE
- Stack based overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.boho.or.kr/krcert/secNoticeView.do?bu… | x_refsource_MISC |
| https://www.altools.co.kr/Support/Notice_Contents… | x_refsource_MISC |
Impacted products
Date Public
2018-10-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=27688"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1677\u0026page=2\u0026t="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86, x64"
],
"product": "Alzip",
"vendor": "Estsoft",
"versions": [
{
"lessThanOrEqual": "10.76.0.0",
"status": "affected",
"version": "Alzip",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack based overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-21T14:57:01.000Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=27688"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1677\u0026page=2\u0026t="
}
],
"solutions": [
{
"lang": "en",
"value": "Update software over 10.81 version or over then it."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Alzip Stack Overflow Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"DATE_PUBLIC": "2018-10-16T08:30:00.000Z",
"ID": "CVE-2018-5196",
"STATE": "PUBLIC",
"TITLE": "Alzip Stack Overflow Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Alzip",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "x86, x64",
"version_affected": "\u003c=",
"version_name": "Alzip",
"version_value": "10.76.0.0"
}
]
}
}
]
},
"vendor_name": "Estsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack based overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=27688",
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=27688"
},
{
"name": "https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1677\u0026page=2\u0026t=",
"refsource": "MISC",
"url": "https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1677\u0026page=2\u0026t="
}
]
},
"solution": [
{
"lang": "en",
"value": "Update software over 10.81 version or over then it."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2018-5196",
"datePublished": "2018-12-21T15:00:00.000Z",
"dateReserved": "2018-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:48:27.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10027 (GCVE-0-2018-10027)
Vulnerability from cvelistv5 – Published: 2018-05-17 12:00 – Updated: 2024-08-05 07:32
VLAI
Summary
ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://pastebin.com/XHMeS7pQ | x_refsource_MISC |
| https://www.altools.co.kr/Support/Notice_Contents… | x_refsource_MISC |
Date Public
2018-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:00.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/XHMeS7pQ"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1640\u0026page=1\u0026t=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\\ESTsoft\\ALZip\\Formats, %PROGRAMFILES%\\ESTsoft\\ALZip\\Coders, %PROGRAMFILES(X86)%\\ESTsoft\\ALZip\\Formats, or %PROGRAMFILES(X86)%\\ESTsoft\\ALZip\\Coders."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T11:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/XHMeS7pQ"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1640\u0026page=1\u0026t=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\\ESTsoft\\ALZip\\Formats, %PROGRAMFILES%\\ESTsoft\\ALZip\\Coders, %PROGRAMFILES(X86)%\\ESTsoft\\ALZip\\Formats, or %PROGRAMFILES(X86)%\\ESTsoft\\ALZip\\Coders."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pastebin.com/XHMeS7pQ",
"refsource": "MISC",
"url": "https://pastebin.com/XHMeS7pQ"
},
{
"name": "https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1640\u0026page=1\u0026t=2",
"refsource": "MISC",
"url": "https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1640\u0026page=1\u0026t=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10027",
"datePublished": "2018-05-17T12:00:00.000Z",
"dateReserved": "2018-04-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:32:00.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11323 (GCVE-0-2017-11323)
Vulnerability from cvelistv5 – Published: 2017-08-19 16:00 – Updated: 2024-08-05 18:05
VLAI
Summary
Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.altools.com/ALTools/ALZip/Version-Hist… | x_refsource_MISC |
| http://exploit.kitploit.com/2017/08/alzip-851-buf… | x_refsource_MISC |
Date Public
2017-08-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:05:30.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.altools.com/ALTools/ALZip/Version-History.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://exploit.kitploit.com/2017/08/alzip-851-buffer-overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of \"AUX\" as the initial substring of a filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.altools.com/ALTools/ALZip/Version-History.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://exploit.kitploit.com/2017/08/alzip-851-buffer-overflow.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of \"AUX\" as the initial substring of a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.altools.com/ALTools/ALZip/Version-History.aspx",
"refsource": "MISC",
"url": "http://www.altools.com/ALTools/ALZip/Version-History.aspx"
},
{
"name": "http://exploit.kitploit.com/2017/08/alzip-851-buffer-overflow.html",
"refsource": "MISC",
"url": "http://exploit.kitploit.com/2017/08/alzip-851-buffer-overflow.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11323",
"datePublished": "2017-08-19T16:00:00.000Z",
"dateReserved": "2017-07-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:05:30.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1336 (GCVE-0-2011-1336)
Vulnerability from cvelistv5 – Published: 2011-07-07 19:00 – Updated: 2024-09-16 18:13
VLAI
Summary
Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2011-000048 | third-party-advisoryx_refsource_JVNDB |
| http://www.securityfocus.com/bid/48493 | vdb-entryx_refsource_BID |
| http://www.altools.jp/ETC/NEWS.aspx?mid=231&vidx=118 | x_refsource_CONFIRM |
| http://www.altools.jp/download.aspx | x_refsource_CONFIRM |
| http://secunia.com/advisories/45108 | third-party-advisoryx_refsource_SECUNIA |
| http://jvn.jp/en/jp/JVN01547302/index.html | third-party-advisoryx_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:34.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2011-000048",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000048"
},
{
"name": "48493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48493"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.altools.jp/ETC/NEWS.aspx?mid=231\u0026vidx=118"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.altools.jp/download.aspx"
},
{
"name": "45108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45108"
},
{
"name": "JVN#01547302",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN01547302/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-07-07T19:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2011-000048",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000048"
},
{
"name": "48493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48493"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.altools.jp/ETC/NEWS.aspx?mid=231\u0026vidx=118"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.altools.jp/download.aspx"
},
{
"name": "45108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45108"
},
{
"name": "JVN#01547302",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN01547302/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-1336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2011-000048",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000048"
},
{
"name": "48493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48493"
},
{
"name": "http://www.altools.jp/ETC/NEWS.aspx?mid=231\u0026vidx=118",
"refsource": "CONFIRM",
"url": "http://www.altools.jp/ETC/NEWS.aspx?mid=231\u0026vidx=118"
},
{
"name": "http://www.altools.jp/download.aspx",
"refsource": "CONFIRM",
"url": "http://www.altools.jp/download.aspx"
},
{
"name": "45108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45108"
},
{
"name": "JVN#01547302",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN01547302/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-1336",
"datePublished": "2011-07-07T19:00:00.000Z",
"dateReserved": "2011-03-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:13:33.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3194 (GCVE-0-2005-3194)
Vulnerability from cvelistv5 – Published: 2005-10-14 04:00 – Updated: 2024-08-07 23:01
VLAI
Summary
Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1015003 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/19890 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/secunia_research/2005-49/advisory/ | x_refsource_MISC |
| http://secunia.com/advisories/16847/ | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/15010 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/19889 | vdb-entryx_refsource_OSVDB |
Date Public
2005-10-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:58.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015003",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015003"
},
{
"name": "19890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19890"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-49/advisory/"
},
{
"name": "16847",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16847/"
},
{
"name": "alzip-filename-bo(22526)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22526"
},
{
"name": "15010",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15010"
},
{
"name": "19889",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015003",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015003"
},
{
"name": "19890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19890"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-49/advisory/"
},
{
"name": "16847",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16847/"
},
{
"name": "alzip-filename-bo(22526)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22526"
},
{
"name": "15010",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15010"
},
{
"name": "19889",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19889"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015003",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015003"
},
{
"name": "19890",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19890"
},
{
"name": "http://secunia.com/secunia_research/2005-49/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-49/advisory/"
},
{
"name": "16847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16847/"
},
{
"name": "alzip-filename-bo(22526)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22526"
},
{
"name": "15010",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15010"
},
{
"name": "19889",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19889"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3194",
"datePublished": "2005-10-14T04:00:00.000Z",
"dateReserved": "2005-10-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:01:58.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-29864 (GCVE-0-2025-29864)
Vulnerability from nvd – Published: 2025-12-03 08:13 – Updated: 2025-12-03 14:22
VLAI
Summary
Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass.This issue affects ALZip: from 12.01 before 12.29.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://altools.co.kr/product/ALZIP |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T14:22:26.370340Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T14:22:34.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ALZip",
"vendor": "ESTsoft",
"versions": [
{
"changes": [
{
"at": "12.30",
"status": "unaffected"
}
],
"lessThan": "12.29",
"status": "affected",
"version": "12.01",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass.\u003cp\u003eThis issue affects ALZip: from 12.01 before 12.29.\u003c/p\u003e"
}
],
"value": "Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass.This issue affects ALZip: from 12.01 before 12.29."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Not Applicable"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T08:13:58.640Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"url": "https://altools.co.kr/product/ALZIP"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2025-29864",
"datePublished": "2025-12-03T08:13:58.640Z",
"dateReserved": "2025-03-12T07:03:23.441Z",
"dateUpdated": "2025-12-03T14:22:34.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-12807 (GCVE-0-2019-12807)
Vulnerability from nvd – Published: 2019-08-13 19:22 – Updated: 2024-08-04 23:32
VLAI
Summary
Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code.
Severity
No CVSS data available.
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.boho.or.kr/krcert/secNoticeView.do?bu… | x_refsource_MISC |
| https://www.altools.co.kr/Download/ALZip.aspx#n | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35114"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.altools.co.kr/Download/ALZip.aspx#n"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ALZIP",
"vendor": "ESTSOFT",
"versions": [
{
"status": "affected",
"version": "10.83"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T19:22:35.000Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35114"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.altools.co.kr/Download/ALZip.aspx#n"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2019-12807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ALZIP",
"version": {
"version_data": [
{
"version_value": "10.83"
}
]
}
}
]
},
"vendor_name": "ESTSOFT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35114",
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35114"
},
{
"name": "https://www.altools.co.kr/Download/ALZip.aspx#n",
"refsource": "MISC",
"url": "https://www.altools.co.kr/Download/ALZip.aspx#n"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2019-12807",
"datePublished": "2019-08-13T19:22:35.000Z",
"dateReserved": "2019-06-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:32:55.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5196 (GCVE-0-2018-5196)
Vulnerability from nvd – Published: 2018-12-21 15:00 – Updated: 2024-09-16 18:48
VLAI
Title
Alzip Stack Overflow Vulnerability
Summary
Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution.
Severity
8.8 (High)
CWE
- Stack based overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.boho.or.kr/krcert/secNoticeView.do?bu… | x_refsource_MISC |
| https://www.altools.co.kr/Support/Notice_Contents… | x_refsource_MISC |
Impacted products
Date Public
2018-10-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:46.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=27688"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1677\u0026page=2\u0026t="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86, x64"
],
"product": "Alzip",
"vendor": "Estsoft",
"versions": [
{
"lessThanOrEqual": "10.76.0.0",
"status": "affected",
"version": "Alzip",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack based overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-21T14:57:01.000Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=27688"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1677\u0026page=2\u0026t="
}
],
"solutions": [
{
"lang": "en",
"value": "Update software over 10.81 version or over then it."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Alzip Stack Overflow Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"DATE_PUBLIC": "2018-10-16T08:30:00.000Z",
"ID": "CVE-2018-5196",
"STATE": "PUBLIC",
"TITLE": "Alzip Stack Overflow Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Alzip",
"version": {
"version_data": [
{
"affected": "\u003c=",
"platform": "x86, x64",
"version_affected": "\u003c=",
"version_name": "Alzip",
"version_value": "10.76.0.0"
}
]
}
}
]
},
"vendor_name": "Estsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack based overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=27688",
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=27688"
},
{
"name": "https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1677\u0026page=2\u0026t=",
"refsource": "MISC",
"url": "https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1677\u0026page=2\u0026t="
}
]
},
"solution": [
{
"lang": "en",
"value": "Update software over 10.81 version or over then it."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2018-5196",
"datePublished": "2018-12-21T15:00:00.000Z",
"dateReserved": "2018-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:48:27.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10027 (GCVE-0-2018-10027)
Vulnerability from nvd – Published: 2018-05-17 12:00 – Updated: 2024-08-05 07:32
VLAI
Summary
ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://pastebin.com/XHMeS7pQ | x_refsource_MISC |
| https://www.altools.co.kr/Support/Notice_Contents… | x_refsource_MISC |
Date Public
2018-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:00.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/XHMeS7pQ"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1640\u0026page=1\u0026t=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\\ESTsoft\\ALZip\\Formats, %PROGRAMFILES%\\ESTsoft\\ALZip\\Coders, %PROGRAMFILES(X86)%\\ESTsoft\\ALZip\\Formats, or %PROGRAMFILES(X86)%\\ESTsoft\\ALZip\\Coders."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T11:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/XHMeS7pQ"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1640\u0026page=1\u0026t=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\\ESTsoft\\ALZip\\Formats, %PROGRAMFILES%\\ESTsoft\\ALZip\\Coders, %PROGRAMFILES(X86)%\\ESTsoft\\ALZip\\Formats, or %PROGRAMFILES(X86)%\\ESTsoft\\ALZip\\Coders."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pastebin.com/XHMeS7pQ",
"refsource": "MISC",
"url": "https://pastebin.com/XHMeS7pQ"
},
{
"name": "https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1640\u0026page=1\u0026t=2",
"refsource": "MISC",
"url": "https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1640\u0026page=1\u0026t=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10027",
"datePublished": "2018-05-17T12:00:00.000Z",
"dateReserved": "2018-04-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:32:00.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11323 (GCVE-0-2017-11323)
Vulnerability from nvd – Published: 2017-08-19 16:00 – Updated: 2024-08-05 18:05
VLAI
Summary
Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.altools.com/ALTools/ALZip/Version-Hist… | x_refsource_MISC |
| http://exploit.kitploit.com/2017/08/alzip-851-buf… | x_refsource_MISC |
Date Public
2017-08-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:05:30.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.altools.com/ALTools/ALZip/Version-History.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://exploit.kitploit.com/2017/08/alzip-851-buffer-overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of \"AUX\" as the initial substring of a filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.altools.com/ALTools/ALZip/Version-History.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://exploit.kitploit.com/2017/08/alzip-851-buffer-overflow.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of \"AUX\" as the initial substring of a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.altools.com/ALTools/ALZip/Version-History.aspx",
"refsource": "MISC",
"url": "http://www.altools.com/ALTools/ALZip/Version-History.aspx"
},
{
"name": "http://exploit.kitploit.com/2017/08/alzip-851-buffer-overflow.html",
"refsource": "MISC",
"url": "http://exploit.kitploit.com/2017/08/alzip-851-buffer-overflow.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11323",
"datePublished": "2017-08-19T16:00:00.000Z",
"dateReserved": "2017-07-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:05:30.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1336 (GCVE-0-2011-1336)
Vulnerability from nvd – Published: 2011-07-07 19:00 – Updated: 2024-09-16 18:13
VLAI
Summary
Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2011-000048 | third-party-advisoryx_refsource_JVNDB |
| http://www.securityfocus.com/bid/48493 | vdb-entryx_refsource_BID |
| http://www.altools.jp/ETC/NEWS.aspx?mid=231&vidx=118 | x_refsource_CONFIRM |
| http://www.altools.jp/download.aspx | x_refsource_CONFIRM |
| http://secunia.com/advisories/45108 | third-party-advisoryx_refsource_SECUNIA |
| http://jvn.jp/en/jp/JVN01547302/index.html | third-party-advisoryx_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:34.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2011-000048",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000048"
},
{
"name": "48493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48493"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.altools.jp/ETC/NEWS.aspx?mid=231\u0026vidx=118"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.altools.jp/download.aspx"
},
{
"name": "45108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45108"
},
{
"name": "JVN#01547302",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN01547302/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-07-07T19:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2011-000048",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000048"
},
{
"name": "48493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48493"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.altools.jp/ETC/NEWS.aspx?mid=231\u0026vidx=118"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.altools.jp/download.aspx"
},
{
"name": "45108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45108"
},
{
"name": "JVN#01547302",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN01547302/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-1336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2011-000048",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000048"
},
{
"name": "48493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48493"
},
{
"name": "http://www.altools.jp/ETC/NEWS.aspx?mid=231\u0026vidx=118",
"refsource": "CONFIRM",
"url": "http://www.altools.jp/ETC/NEWS.aspx?mid=231\u0026vidx=118"
},
{
"name": "http://www.altools.jp/download.aspx",
"refsource": "CONFIRM",
"url": "http://www.altools.jp/download.aspx"
},
{
"name": "45108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45108"
},
{
"name": "JVN#01547302",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN01547302/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-1336",
"datePublished": "2011-07-07T19:00:00.000Z",
"dateReserved": "2011-03-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:13:33.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3194 (GCVE-0-2005-3194)
Vulnerability from nvd – Published: 2005-10-14 04:00 – Updated: 2024-08-07 23:01
VLAI
Summary
Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1015003 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/19890 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/secunia_research/2005-49/advisory/ | x_refsource_MISC |
| http://secunia.com/advisories/16847/ | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/15010 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/19889 | vdb-entryx_refsource_OSVDB |
Date Public
2005-10-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:58.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015003",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015003"
},
{
"name": "19890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19890"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-49/advisory/"
},
{
"name": "16847",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16847/"
},
{
"name": "alzip-filename-bo(22526)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22526"
},
{
"name": "15010",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15010"
},
{
"name": "19889",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015003",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015003"
},
{
"name": "19890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19890"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-49/advisory/"
},
{
"name": "16847",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16847/"
},
{
"name": "alzip-filename-bo(22526)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22526"
},
{
"name": "15010",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15010"
},
{
"name": "19889",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19889"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015003",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015003"
},
{
"name": "19890",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19890"
},
{
"name": "http://secunia.com/secunia_research/2005-49/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-49/advisory/"
},
{
"name": "16847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16847/"
},
{
"name": "alzip-filename-bo(22526)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22526"
},
{
"name": "15010",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15010"
},
{
"name": "19889",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19889"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3194",
"datePublished": "2005-10-14T04:00:00.000Z",
"dateReserved": "2005-10-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:01:58.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2011-000048
Vulnerability from jvndb - Published: 2011-06-29 18:20 - Updated:2011-06-29 18:20Summary
ALZip vulnerable to buffer overflow
Details
ALZip provided by ESTsoft Japan Corp. contains a buffer overflow vulnerability.
ALZip is a file compression/extraction software from ESTsoft Japan Corp. ALZip contains a buffer overflow vulnerability due to improper handling of mim files.
Takahiko Funakubo of Fourteenforty Research Institute, Inc reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000048.html",
"dc:date": "2011-06-29T18:20+09:00",
"dcterms:issued": "2011-06-29T18:20+09:00",
"dcterms:modified": "2011-06-29T18:20+09:00",
"description": "ALZip provided by ESTsoft Japan Corp. contains a buffer overflow vulnerability.\r\n\r\nALZip is a file compression/extraction software from ESTsoft Japan Corp. ALZip contains a buffer overflow vulnerability due to improper handling of mim files.\r\n\r\nTakahiko Funakubo of Fourteenforty Research Institute, Inc reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000048.html",
"sec:cpe": {
"#text": "cpe:/a:estsoft:alzip",
"@product": "ALZip",
"@vendor": "ESTsoft",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000048",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN01547302/index.html",
"@id": "JVN#01547302",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1336",
"@id": "CVE-2011-1336",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1336",
"@id": "CVE-2011-1336",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/201106_alzip_en.html",
"@id": "Security Alert for Vulnerability in ALZip",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "ALZip vulnerable to buffer overflow"
}