CVE-2007-3375
published 2007-06-25

Priority: P2 · 60 · medium · 6.8 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
ITW: VulnCheck KEV (Exploited in the wild)
EPSS: 4.70% (90.7th percentile)

Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as Trojan.Lhdropper.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lhaca | file_archiver | <= 1.20 | |
| wakwak | lhaca_file_archiver | <= 1.21 | |

Detection & IOCs (extracted from sources)

  • Malware family 'Trojan.Lhdropper' exploits this CVE via crafted LZH archives delivered to Lhaca File Archiver before 1.21
  • The vulnerability resides in LZH Extended Header handling (header.c in lharc codebase); inspect parsing of LZH extended headers for stack-based buffer overflow conditions
  • Trigger vector is a user-assisted file open of a crafted LZH archive; monitor for suspicious LZH file processing by Lhaca File Archiver versions prior to 1.21
  • Red Hat / RHEL packages (lha) are NOT affected by this specific CVE; the lhaca flaw shares a codebase with lharc but RHEL was already patched via lha-114i-sec.patch from CVE-2004-0234 (RHSA-2004:178)
  • This CVE is essentially a re-emergence of CVE-2004-0234 due to shared codebase between Lhaca and lharc; detections or patches for CVE-2004-0234 may already cover this issue

CVSS provenance

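| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vulncheck | | 6.8 | MEDIUM | |
| vendor_redhat | | 10.0 | CRITICAL | |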