ESTsoft ALZip MIM File Handling Buffer Overflow

Added: 08/09/2011
CVE: CVE-2011-1336
BID: 48493
OSVDB: 73684


ESTsoft ALZip is a Windows-based file compression program that can unzip 40 different zip file archives. ALZip can zip files into 8 different archives such as ZIP, EGG, TAR and others.


ESTsoft ALZip 8.21 and earlier is vulnerable to a stack buffer overflow in libETC.dll due to improper parsing of the filename or name parameter within MIM file headers if an overly long filename is provided. A remote attacker can exploit this vulnerability to execute arbitrary code by enticing a user to open a specially crafted MIM file in a vulnerable version of ALZip.


Upgrade to the 2011-06-09 release of ESTsoft ALZip version 8.21 (fixed without ersion number change), or a higher version.



Exploit works on ESTsoft ALZip 8.12 and the target user must open the exploit file in a vulnerable version of ALZip.



Back to exploit index