CVE-2018-10027 Information

Description

ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: PROGRAMFILES\ESTsoft\ALZip\Formats PROGRAMFILES\ESTsoft\ALZip\Coders PROGRAMFILES(X86)\ESTsoft\ALZip\Formats or PROGRAMFILES(X86)\ESTsoft\ALZip\Coders.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://pastebin.com/XHMeS7pQ https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1640&page=1&t=2

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8