□ Overview
o ALZip v10.76.0.0 and eariler vesion has a stack-overflow vulnerability which can be used as a remote-code-
execution attack.
| Vulnerability type |
Impact |
Severity |
CVE ID |
| stack-overflow |
Remote Code Execution |
High |
CVE-2018-5196 |
□ Description
o Alzip is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execution arbitrary code.
□ Affected Products
| Product |
Version |
Platform |
| ALZip |
10.76.0.0 and earlier |
Windows |
□ Solution
o Update software over 10.81 version or over then it.
|