CVE-2007-3375

high

Description

Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as Trojan.Lhdropper.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35116

http://www.symantec.com/security_response/writeup.jsp?docid=2007-062506-5500-99&tabid=1

http://www.symantec.com/enterprise/security_response/weblog/2007/06/beware_of_lzh.html

http://www.securityfocus.com/bid/24604

http://www.kb.cert.org/vuls/id/871497

http://vuln.sg/lhaca121-en.html

http://secunia.com/advisories/25826

Details

Source: Mitre, NVD

Published: 2007-06-25

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.06774

Detections

Analytics