
Security Advisory Detail
CVE-2019-12807 | ALZIP ISO archive handling Buffer Overflow Vulnerability
2019.08.13
□ Overview

 o ESTSOFT released a security update to address a buffer overflow vulnerability in ALZIP.

| Vulnerability Type | Impact | Severity | CVE ID |
|---|---|---|---|
| Buffer overflow | Code execution | High | CVE-2019-12807 |

 

□ Description

 o ALZIP contains a stack-based buffer overflow vulnerability caused by improper bounds checking while parsing a crafted ISO archive file. By persuading a victim to open a specially crafted ISO archive file, an attacker could execute arbitrary code.
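
The advisory does not say which ISO field triggers the overflow. As an added illustration of the bug class (not ESTSOFT's code), the C function below copies an ISO 9660 directory record's file identifier into a fixed-size buffer with the bounds checks such a parser needs; `dr_copy_name`, the status codes and the sample record are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ISO 9660 directory record: byte 0 is the record length, byte 32 the
 * file identifier length, and the identifier itself starts at byte 33. */
#define DR_LEN_OFF    0u
#define DR_FI_LEN_OFF 32u
#define DR_FI_OFF     33u

enum dr_status { DR_OK = 0, DR_TRUNCATED = -1, DR_MALFORMED = -2, DR_NAME_TOO_LONG = -3 };

/* Hypothetical helper: copy the identifier of the record at rec[0..avail)
 * into out[0..out_size) as a NUL-terminated string. Both length bytes come
 * from the file, so each is validated before it is used as a copy size. */
int dr_copy_name(const uint8_t *rec, size_t avail, char *out, size_t out_size)
{
    if (rec == NULL || out == NULL || out_size == 0)
        return DR_MALFORMED;
    if (avail < DR_FI_OFF + 1u)            /* fixed header plus one name byte */
        return DR_TRUNCATED;

    size_t rec_len = rec[DR_LEN_OFF];
    size_t name_len = rec[DR_FI_LEN_OFF];

    if (rec_len > avail)                   /* record claims more than was read */
        return DR_TRUNCATED;
    if (name_len == 0 || DR_FI_OFF + name_len > rec_len)
        return DR_MALFORMED;               /* name runs past its own record */
    if (name_len >= out_size)              /* keep room for the terminator */
        return DR_NAME_TOO_LONG;

    memcpy(out, rec + DR_FI_OFF, name_len);
    out[name_len] = '\0';
    return DR_OK;
}

int main(void)
{
    /* Constructed sample record: length 40, identifier "A.TXT" (5 bytes). */
    uint8_t rec[40] = {0};
    char name[16];
    rec[DR_LEN_OFF] = (uint8_t)sizeof rec;
    rec[DR_FI_LEN_OFF] = 5;
    memcpy(rec + DR_FI_OFF, "A.TXT", 5);
    printf("valid record: %d\n", dr_copy_name(rec, sizeof rec, name, sizeof name));
    rec[DR_FI_LEN_OFF] = 200;              /* length byte overstates the name */
    printf("bad length:   %d\n", dr_copy_name(rec, sizeof rec, name, sizeof name));
    return 0;
}
```

Without the three length checks, the `memcpy` would write up to 255 file-controlled bytes into the 16-byte stack buffer, which is the pattern the description refers to.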
 

□ Affected Product

| Product | Version | Platform |
|---|---|---|
| ALZIP | 10.83 and prior | Windows |

 

□ Solution

 o Update ALZIP to version 10.85 or later.

 

□ Reference site

https://www.altools.co.kr/Download/ALZip.aspx

 

□ Acknowledgements

 o Thanks to Hangjun Ko for reporting this vulnerability.