Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Estsoft Subscribe
Total 17 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-43665 1 Estsoft 1 Alyac 2023-02-09 N/A 5.5 MEDIUM
A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-32543 1 Estsoft 1 Alyac 2022-08-11 N/A 7.8 HIGH
An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-29886 1 Estsoft 1 Alyac 2022-08-11 N/A 7.8 HIGH
An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-21147 1 Estsoft 1 Alyac 2022-05-23 4.3 MEDIUM 5.5 MEDIUM
An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2017-11323 1 Estsoft 1 Alzip 2021-05-03 6.8 MEDIUM 7.8 HIGH
Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename.
CVE-2019-12808 1 Estsoft 1 Altools 2020-10-06 7.2 HIGH 7.8 HIGH
ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges.
CVE-2019-12807 2 Estsoft, Microsoft 2 Alzip, Windows 2020-10-06 6.8 MEDIUM 7.8 HIGH
Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code.
CVE-2018-5196 1 Estsoft 1 Alzip 2020-08-24 6.8 MEDIUM 7.8 HIGH
Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution.
CVE-2019-12810 2 Estsoft, Microsoft 2 Alsee, Windows 2019-10-09 6.8 MEDIUM 7.8 HIGH
A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code.
CVE-2006-2899 1 Estsoft 1 Internetdisk 2018-10-18 6.5 MEDIUM N/A
Unspecified vulnerability in ESTsoft InternetDISK versions before 2006/04/20 allows remote authenticated users to execute arbitrary code, possibly by uploading a file with multiple extensions into the WebLink directory.
CVE-2018-10027 1 Estsoft 1 Alzip 2018-06-19 4.6 MEDIUM 7.8 HIGH
ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders.
CVE-2012-0315 1 Estsoft 1 Alftp 2017-11-22 9.3 HIGH N/A
Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file.
CVE-2008-2702 1 Estsoft 1 Alftp 2017-11-22 9.3 HIGH N/A
Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2014-8494 1 Estsoft 1 Alupdate 2017-09-07 4.6 MEDIUM N/A
ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) for the (1) AlUpdate folder and (2) AlUpdate.exe, which allows local users to gain privileges via a Trojan horse file.
CVE-2005-3194 1 Estsoft 1 Alzip 2017-07-10 5.1 MEDIUM N/A
Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive.
CVE-2010-5211 1 Estsoft 1 Alsee 2012-09-06 6.9 MEDIUM N/A
Untrusted search path vulnerability in ALSee 6.20.0.1 allows local users to gain privileges via a Trojan horse patchani.dll file in the current working directory, as demonstrated by a directory that contains a .ani, .bmp, .cal, .hdp, .jpe, .mac, .pbm, .pcx, .pgm, .png, .psd, .ras, .tga, or .tiff file. NOTE: some of these details are obtained from third party information.
CVE-2011-1336 1 Estsoft 1 Alzip 2011-07-07 9.3 HIGH N/A
Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file.