CVE-2007-4725

7-zip < 4.42 - Denial of Service

Title source: rule

Description

Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4.42.00.04, as derived from Igor Pavlov 7-Zip before 4.53 beta, allows user-assisted remote attackers to execute arbitrary code via a long filename in an archive, leading to a heap-based buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED

by miyy3t · perlremotewindows

https://www.exploit-db.com/exploits/30565

View Code ZIP pw:eip

References (8)

[Third Party Advisory] http://secunia.com/advisories/26624

[Third Party Advisory] http://jvn.jp/jp/JVN%2362868899/index.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25545

[Product, Third Party Advisory] http://sourceforge.net/project/shownotes.php?release_id=535160&group_id=14481

[Broken Link] http://osvdb.org/40482

[Broken Link] http://akky.cjb.net/security/7-zip3.txt

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/3086

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36459

Scores

EPSS 0.1727

EPSS Percentile 95.1%

Details

CWE

CWE-400

Status published

Products (11)

7-zip/7-zip 4.43 beta

7-zip/7-zip 4.44 beta

7-zip/7-zip 4.45 beta

7-zip/7-zip 4.46 beta

7-zip/7-zip 4.47 beta

7-zip/7-zip 4.48 beta

7-zip/7-zip 4.49 beta

7-zip/7-zip 4.50 beta

7-zip/7-zip 4.51 beta

7-zip/7-zip 4.52 beta

... and 1 more

Published Sep 05, 2007

Tracked Since Feb 18, 2026