Estsoft : Security Vulnerabilities, CVEs, CVSS score >= 7
An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Max CVSS
7.8
EPSS Score
0.11%
Published
2022-08-05
Updated
2023-06-29
An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Max CVSS
7.8
EPSS Score
0.11%
Published
2022-08-05
Updated
2023-06-28
A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code.
Max CVSS
7.8
EPSS Score
0.08%
Published
2019-08-30
Updated
2019-10-09
ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-08-13
Updated
2020-10-06
Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code.
Max CVSS
7.8
EPSS Score
0.07%
Published
2019-08-13
Updated
2020-10-06
ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders.
Max CVSS
7.8
EPSS Score
0.04%
Published
2018-05-17
Updated
2018-06-19
Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution.
Max CVSS
8.8
EPSS Score
0.13%
Published
2018-12-21
Updated
2020-08-24
Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename.
Max CVSS
7.8
EPSS Score
8.86%
Published
2017-08-19
Updated
2021-05-03
Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file.
Max CVSS
9.3
EPSS Score
0.08%
Published
2012-02-22
Updated
2017-11-22
Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file.
Max CVSS
9.3
EPSS Score
3.93%
Published
2011-07-07
Updated
2011-07-08
Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Max CVSS
9.3
EPSS Score
0.19%
Published
2008-06-13
Updated
2017-11-22
11 vulnerabilities found