CVE-2019-12807 (GCVE-0-2019-12807)

Vulnerability from cvelistv5 – Published: 2019-08-13 19:22 – Updated: 2024-08-04 23:32
VLAI?
Summary
Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code.
Severity ?
No CVSS data available.
CWE
  • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
Vendor Product Version
ESTSOFT ALZIP Affected: 10.83
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:32:55.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35114"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.altools.co.kr/Download/ALZip.aspx#n"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ALZIP",
          "vendor": "ESTSOFT",
          "versions": [
            {
              "status": "affected",
              "version": "10.83"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-13T19:22:35",
        "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "shortName": "krcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35114"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.altools.co.kr/Download/ALZip.aspx#n"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vuln@krcert.or.kr",
          "ID": "CVE-2019-12807",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ALZIP",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.83"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ESTSOFT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35114",
              "refsource": "MISC",
              "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35114"
            },
            {
              "name": "https://www.altools.co.kr/Download/ALZip.aspx#n",
              "refsource": "MISC",
              "url": "https://www.altools.co.kr/Download/ALZip.aspx#n"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
    "assignerShortName": "krcert",
    "cveId": "CVE-2019-12807",
    "datePublished": "2019-08-13T19:22:35",
    "dateReserved": "2019-06-13T00:00:00",
    "dateUpdated": "2024-08-04T23:32:55.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:estsoft:alzip:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.83\", \"matchCriteriaId\": \"D538BF19-86A5-457C-9D41-2EC362C1A74D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code.\"}, {\"lang\": \"es\", \"value\": \"Alzip 10.83 y versiones anteriores contienen una vulnerabilidad de desbordamiento del b\\u00fafer basada en la pila, causada por la comprobaci\\u00f3n incorrecta de los l\\u00edmites durante el an\\u00e1lisis del formato de archivo de archivo ISO creado. Al persuadir a una v\\u00edctima para que abra un archivo de archivo ISO especialmente dise\\u00f1ado, un atacante podr\\u00eda ejecutar c\\u00f3digo arbitrario.\"}]",
      "id": "CVE-2019-12807",
      "lastModified": "2024-11-21T04:23:37.160",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-08-13T20:15:11.870",
      "references": "[{\"url\": \"https://www.altools.co.kr/Download/ALZip.aspx#n\", \"source\": \"vuln@krcert.or.kr\", \"tags\": [\"Product\", \"Vendor Advisory\"]}, {\"url\": \"https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35114\", \"source\": \"vuln@krcert.or.kr\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.altools.co.kr/Download/ALZip.aspx#n\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\", \"Vendor Advisory\"]}, {\"url\": \"https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35114\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "vuln@krcert.or.kr",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"vuln@krcert.or.kr\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-12807\",\"sourceIdentifier\":\"vuln@krcert.or.kr\",\"published\":\"2019-08-13T20:15:11.870\",\"lastModified\":\"2024-11-21T04:23:37.160\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code.\"},{\"lang\":\"es\",\"value\":\"Alzip 10.83 y versiones anteriores contienen una vulnerabilidad de desbordamiento del b\u00fafer basada en la pila, causada por la comprobaci\u00f3n incorrecta de los l\u00edmites durante el an\u00e1lisis del formato de archivo de archivo ISO creado. Al persuadir a una v\u00edctima para que abra un archivo de archivo ISO especialmente dise\u00f1ado, un atacante podr\u00eda ejecutar c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"vuln@krcert.or.kr\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:estsoft:alzip:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.83\",\"matchCriteriaId\":\"D538BF19-86A5-457C-9D41-2EC362C1A74D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://www.altools.co.kr/Download/ALZip.aspx#n\",\"source\":\"vuln@krcert.or.kr\",\"tags\":[\"Product\",\"Vendor Advisory\"]},{\"url\":\"https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35114\",\"source\":\"vuln@krcert.or.kr\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.altools.co.kr/Download/ALZip.aspx#n\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Vendor Advisory\"]},{\"url\":\"https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35114\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.