Professional Documents
Culture Documents
Alzip Exec
Alzip Exec
------------------------------------------
[Additional Information]
To reproduce this issue, create a file named "AUX.3.2.1.e.pwned" using
normal user CMD via following syntax: type AUX >
\\.\C:\ProgramData\AUX.3.2.1.e.PWNED
If you just simply "right-click" that file, ALZip's file compression will
cause Stack buffer overflow which allows remote attackers to execute
arbitrary code.
------------------------------------------
[Vulnerability Type]
Buffer Overflow
------------------------------------------
[Vendor of Product]
ESTsoft
------------------------------------------
------------------------------------------
[Affected Component]
file compression
------------------------------------------
[Attack Type]
Remote
------------------------------------------
------------------------------------------
[Attack Vectors]
via a crafted DosDevice file
------------------------------------------
[Discoverer]
James Lee
Use CVE-2017-11323.