A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-02-02
Updated
2023-02-10
An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Max CVSS
7.8
EPSS Score
0.11%
Published
2022-08-05
Updated
2023-06-29
An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Max CVSS
7.8
EPSS Score
0.11%
Published
2022-08-05
Updated
2023-06-28
An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability.
Max CVSS
5.5
EPSS Score
0.06%
Published
2022-05-12
Updated
2022-05-23
A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code.
Max CVSS
7.8
EPSS Score
0.08%
Published
2019-08-30
Updated
2019-10-09
ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-08-13
Updated
2020-10-06
Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code.
Max CVSS
7.8
EPSS Score
0.07%
Published
2019-08-13
Updated
2020-10-06
ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders.
Max CVSS
7.8
EPSS Score
0.04%
Published
2018-05-17
Updated
2018-06-19
Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution.
Max CVSS
8.8
EPSS Score
0.13%
Published
2018-12-21
Updated
2020-08-24
Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename.
Max CVSS
7.8
EPSS Score
8.86%
Published
2017-08-19
Updated
2021-05-03
ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) for the (1) AlUpdate folder and (2) AlUpdate.exe, which allows local users to gain privileges via a Trojan horse file.
Max CVSS
4.6
EPSS Score
0.04%
Published
2014-11-03
Updated
2017-09-08
Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file.
Max CVSS
9.3
EPSS Score
0.08%
Published
2012-02-22
Updated
2017-11-22
Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file.
Max CVSS
9.3
EPSS Score
3.93%
Published
2011-07-07
Updated
2011-07-08
Untrusted search path vulnerability in ALSee 6.20.0.1 allows local users to gain privileges via a Trojan horse patchani.dll file in the current working directory, as demonstrated by a directory that contains a .ani, .bmp, .cal, .hdp, .jpe, .mac, .pbm, .pcx, .pgm, .png, .psd, .ras, .tga, or .tiff file. NOTE: some of these details are obtained from third party information.
Max CVSS
6.9
EPSS Score
0.04%
Published
2012-09-06
Updated
2012-09-06
Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Max CVSS
9.3
EPSS Score
0.19%
Published
2008-06-13
Updated
2017-11-22
Unspecified vulnerability in ESTsoft InternetDISK versions before 2006/04/20 allows remote authenticated users to execute arbitrary code, possibly by uploading a file with multiple extensions into the WebLink directory.
Max CVSS
6.5
EPSS Score
3.68%
Published
2006-06-07
Updated
2018-10-18
Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive.
Max CVSS
5.1
EPSS Score
3.92%
Published
2005-10-14
Updated
2017-07-11
17 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!