Izarc : Security Vulnerabilities, CVEs,

CVE-2014-2720

IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote attackers to conduct file-extension spoofing attacks via a modified Central Directory, as demonstrated by unintended code execution prompted by a .jpg extension in the Central Directory and a .exe extension in the local file header.
Max CVSS
6.8
EPSS Score
1.08%
Published
2014-05-27
Updated
2014-05-29

CVE-2010-5235

Untrusted search path vulnerability in IZArc Archiver 4.1.2 allows local users to gain privileges via a Trojan horse ztv7z.dll file in the current working directory, as demonstrated by a directory that contains a .arj file. NOTE: some of these details are obtained from third party information.
Max CVSS
6.9
EPSS Score
0.04%
Published
2012-09-07
Updated
2012-09-07
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close