본문내용 바로가기 메인메뉴 바로가기

하단내용 바로가기

Security Advisory (Korean)

Security Advisory Detail
CVE-2018-5196 | Remote Code Execution; Stack-overflow on ALZip LZH File FMT2018.10.16

□ Overview
 o ALZip v10.76.0.0 and eariler vesion has a stack-overflow vulnerability which can be used as a remote-code-

    execution attack.

Vulnerability type Impact Severity CVE ID
stack-overflow Remote Code Execution Critical CVE-2018-5196
 

□ Description 
 o Alzip is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execution arbitrary code.
 

□ Affected Products 
Product Version Platform
ALZip 10.76.0.0 and earlier Windows
 

□ Solution
 o Update software over 10.81 version or over then it.