srvlin

CVE-2018-10027 / Alzip 10.75

May 17th, 2018
> [Suggested description]
> ESTsoft ALZip before 10.76 allows local users to execute arbitrary
> code via creating a malicious .DLL file and installing it in a
> specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats,
> %PROGRAMFILES%\ESTsoft\ALZip\Coders,
> %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or
> %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders.
>
> ------------------------------------------
>
> [Additional Information]
> POC download url : https://srvlin.kr/poc/mal_x86.zip
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Untrusted Search Path (CWE-426)
>
> ------------------------------------------
>
> [Vendor of Product]
> ESTsoft
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Alzip - 10.75.0.0 and under version
>
> ------------------------------------------
>
> [Affected Component]
> Alzip
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific directory.
> + 32bit : C:\Program Files\ESTsoft\ALZip\Formats\, C:\Program Files\ESTsoft\ALZip\Coders\
> + 64bit : C:\Program Files (x86)\ESTsoft\ALZip\Formats\, C:\Program Files (x86)\ESTsoft\ALZip\Coders\
>
> ------------------------------------------
>
> [Discoverer]
> KwangHyung Lee, EQST Lab, SKinfosec
>
> ------------------------------------------
>
> [Reference]
> https://www.altools.co.kr/Support/Notice_Contents.aspx?idx=1640&page=1&t=2

Use CVE-2018-10027.
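
An added example, not part of the original paste and not ESTsoft tooling: a PowerShell audit of the four directories named in the description that reports write access granted outside a small trusted set and DLLs lacking a valid Authenticode signature. The trusted-SID list and the treatment of every DLL that is not validly signed as review-worthy are assumptions.

```powershell
# Added example: audit the plugin directories listed in the advisory.
$dirs = @(
    (Join-Path $env:ProgramFiles 'ESTsoft\ALZip\Formats'),
    (Join-Path $env:ProgramFiles 'ESTsoft\ALZip\Coders')
)
if (${env:ProgramFiles(x86)}) {
    $dirs += Join-Path ${env:ProgramFiles(x86)} 'ESTsoft\ALZip\Formats'
    $dirs += Join-Path ${env:ProgramFiles(x86)} 'ESTsoft\ALZip\Coders'
}
$dirs = $dirs | Select-Object -Unique   # both variables match in a 32-bit session

# Assumption: only these principals are expected to hold write access.
# SYSTEM, BUILTIN\Administrators, CREATOR OWNER, TrustedInstaller.
$trusted = 'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

# Rights that allow adding files or subdirectories to a directory.
$writeMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'

foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }

    # 1. Allow ACEs that let an untrusted principal drop a file here.
    $acl = Get-Acl -LiteralPath $dir
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band [int]$writeMask) -and
            $trusted -notcontains $_.IdentityReference.Value
        } |
        ForEach-Object {
            [pscustomobject]@{ Finding = 'WritableDirectory'; Path = $dir
                               Detail  = "$($_.IdentityReference.Value): $($_.FileSystemRights)" }
        }

    # 2. DLLs already present that do not carry a valid signature.
    Get-ChildItem -LiteralPath $dir -Filter *.dll -File | ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{ Finding = 'DllWithoutValidSignature'; Path = $_.FullName
                               Detail  = "$($sig.Status); modified $($_.LastWriteTimeUtc.ToString('u'))" }
        }
    }
}
```

No output means none of the directories exist or nothing matched; generic-rights ACEs (shown by Get-Acl as raw numbers) are not evaluated by this check.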