CVE-2010-2434

Sažetak

Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software Explzh 5.62 and earlier allows remote attackers to execute arbitrary code via an LZH LHA file with a crafted header that is not properly handled during expansion.

Reference

http://jvn.jp/en/jp/JVN34729123/index.html
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000026.html
http://osvdb.org/65666
http://secunia.com/advisories/40324
http://www.ponsoftware.com/archiver/bug.htm#lzh_bufover
http://www.securityfocus.com/bid/41025
https://exchange.xforce.ibmcloud.com/vulnerabilities/59624

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

05-08-2020 - 15:35

Objavljeno

25-06-2010 - 18:30