Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-11323

Publish Date: 31 Jul 2017

Source

                							

                [Suggested description]
Buffer overflow in ALZip 8.51 and earlier allows remote attackers to
execute arbitrary code via a crafted DosDevice file.

------------------------------------------

[Additional Information]
To reproduce this issue, create a file named "AUX.3.2.1.e.pwned" using
normal user CMD via following syntax: type AUX &gt;
\\.\C:\ProgramData\AUX.3.2.1.e.PWNED

later you will find that AUX.3.2.1.e.PWNED file has created in
C:\ProgramData folder.

If you just simply "right-click" that file, ALZip's file compression will
cause Stack buffer overflow which allows remote attackers to execute
arbitrary code.

------------------------------------------

[Vulnerability Type]
Buffer Overflow

------------------------------------------

[Vendor of Product]
ESTsoft

------------------------------------------

[Affected Product Code Base]
ALZip - 8.51

------------------------------------------

[Affected Component]
file compression

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Impact Code execution]
true

------------------------------------------

[Attack Vectors]
via a crafted DosDevice file

------------------------------------------

[Discoverer]
James Lee

Use CVE-2017-11323.
<p>

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALZip 8.51 Buffer Overflow

Vulmon Search

About

Products

Connect