IPA/ISEC：Vulnerabilities：Security Alert for Lhaplus Vulnerability

April 28, 2008
>> JAPANESE

1.Overview

Lhaplus is a file compression/decompression software to reduce the size of electronic files. It supports the data compression format lzh and zip for instance. Lhaplus is vulnerable to buffer overflow due to the problem in the decompression process. When exploited, an attacker could execute arbitrary code on the computer installed with Lhaplus.

This vulnerability is different from “Security Alert for Lhaplus Vulnerability” issued on September 21, 2007 and on November 22, 2007.

For the latest information, please refer to:
http://jvndb.jvn.jp/contents/en/2008/JVNDB-2008-000022.html

The following creditee reported this vulnerability to IPA on February 13, 2008. JPCERT Coordination Center (JPCERT/CC) coordinated with the product vendors and published the vulnerability on April 28, 2008, under Information Security Early Warning Partnership.
Credit: Yuji Ukai of Fourteenforty Research Institute, Inc.

2.Impact

An attacker could execute unauthorized programs, delete files and install malicious tools such as bot and virus software when a user open (decompresses) a specially crafted file obtained via emails, web sites or file exchange software.

3.Solution

To fix the problem, update to the fixed version provided by the product vendor.

4.CVSS Severity

(1)Evaluation Result

(2) Base Score Metrics

■:Selected Values

Contact