Description
Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software Explzh 5.62 and earlier allows remote attackers to execute arbitrary code via an LZH LHA file with a crafted header that is not properly handled during expansion.
References (7)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/59624
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/65666
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/41025
Vendor Advisory x_refsource_confirm
http://www.ponsoftware.com/archiver/bug.htm#lzh_bufover
Third Party Advisory, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40324
Third Party Advisory, VDB Entry third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000026.html
Third Party Advisory, Vendor Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN34729123/index.html
Scores
EPSS
0.0533
EPSS Percentile
90.1%
Details
CWE
CWE-120
Status
published
Products (1)
ponsoftware/explzh
< 5.62
Published
Jun 25, 2010
Tracked Since
Feb 18, 2026