LHA.Header.Buffer.Overflow
Description
This indicates an attack attempt to exploit a buffer overflow vulnerability in LHA archiving tool.
The vulnerability is caused by an error when the vulnerable software handles long directory or file names in an LHA archive. It allows a remote attacker to execute arbitrary code via specially crafted LHA file.
Affected Products
WinZip WinZip 9.0
RARLAB WinRar 3.20
McAfee VirusScan 9.0 and earlier versions
F-Secure Personal Express 4.5 - 4.7
F-Secure Anti-Virus 2004
F-Secure Anti-Virus 2003
Clearswift MailSweeper 4.1- 4.3.13.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply appropriate patch from the vendor or upgrade to non-vulnerable version if available.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |