Buffer overflow in Lhaz - CVE-2007-4428
Published: December 16, 2016
Vulnerability identifier: #VU1358
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2007-4428
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Chitora
Affected software:
Lhaz
Lhaz
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing ZIP files. A remote attacker can create a specially crafted .zip archive, trick the victim into opening it, cause buffer overflow and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited.
How to mitigate CVE-2007-4428
Install patched version 1.34b1 from vendor's website.