alzip

Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution.

ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%ESTsoftALZipFormats, %PROGRAMFILES%ESTsoftALZipCoders, %PROGRAMFILES(X86)%ESTsoftALZipFormats, or %PROGRAMFILES(X86)%ESTsoftALZipCoders.

Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code.