#VU1358 Buffer overflow in Lhaz - CVE-2007-4428
Published: December 16, 2016
Vulnerability identifier: #VU1358
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2007-4428
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Lhaz
Lhaz
Software vendor:
Chitora
Chitora
Description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing ZIP files. A remote attacker can create a specially crafted .zip archive, trick the victim into opening it, cause buffer overflow and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited.
Remediation
Install patched version 1.34b1 from vendor's website.