Vulnerability Description
Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software Explzh 5.62 and earlier allows remote attackers to execute arbitrary code via an LZH LHA file with a crafted header that is not properly handled during expansion.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ponsoftware | Explzh | <= 5.62 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN34729123/index.htmlThird Party AdvisoryVendor Advisory
- http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000026.htmlThird Party AdvisoryVDB Entry
- http://osvdb.org/65666Broken Link
- http://secunia.com/advisories/40324Third Party AdvisoryVendor Advisory
- http://www.ponsoftware.com/archiver/bug.htm#lzh_bufoverVendor Advisory
- http://www.securityfocus.com/bid/41025Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59624Third Party AdvisoryVDB Entry
- http://jvn.jp/en/jp/JVN34729123/index.htmlThird Party AdvisoryVendor Advisory
- http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000026.htmlThird Party AdvisoryVDB Entry
- http://osvdb.org/65666Broken Link
- http://secunia.com/advisories/40324Third Party AdvisoryVendor Advisory
- http://www.ponsoftware.com/archiver/bug.htm#lzh_bufoverVendor Advisory
- http://www.securityfocus.com/bid/41025Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59624Third Party AdvisoryVDB Entry
FAQ
What is CVE-2010-2434?
CVE-2010-2434 is a vulnerability with a CVSS score of 9.3 (HIGH). Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software Explzh 5.62 and earlier allows remote attackers to execute arbitrary code via an LZH LHA file with a crafted header that is not properl...
How severe is CVE-2010-2434?
CVE-2010-2434 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2434?
Check the references section above for vendor advisories and patch information. Affected products include: Ponsoftware Explzh.