Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software Explzh 5.62 and earlier allows remote attackers to execute arbitrary code via an LZH LHA file with a crafted header that is not properly handled during expansion.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ponsoftware | explzh | * |
Untrusted search path vulnerability in Explzh 5.67 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ponsoftware | explzh | * |
Untrusted search path vulnerability in Archive Decoder 1.23 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ponsoftware | archive_decoder | 1.11 |
| ponsoftware | archive_decoder | 1.12 |
| ponsoftware | archive_decoder | 1.13 |
| ponsoftware | archive_decoder | 1.03 |
| ponsoftware | archive_decoder | 1.05 |
| ponsoftware | archive_decoder | 1.07 |
| ponsoftware | archive_decoder | 1.09 |
| ponsoftware | archive_decoder | 1.01 |
| ponsoftware | archive_decoder | 1.08 |
| ponsoftware | archive_decoder | 1.02 |
| ponsoftware | archive_decoder | 1.00 |
| ponsoftware | archive_decoder | 1.06 |
| ponsoftware | archive_decoder | 1.21 |
| ponsoftware | archive_decoder | * |
| ponsoftware | archive_decoder | 1.22 |
| ponsoftware | archive_decoder | 1.04 |
| ponsoftware | archive_decoder | 1.20 |
Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ponsoftware | explzh | * |