CVE-2007-3375
Published 2007-06-25
CVE-2007-3375: Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as…
Priority: P260 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 4.70% (90.7th percentile)
Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as Trojan.Lhdropper.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lhaca | file_archiver | <= 1.20 | — |
| wakwak | lhaca_file_archiver | <= 1.21 | — |
Detection & IOCs (extracted from sources)
- Malware family 'Trojan.Lhdropper' exploits this CVE via crafted LZH archives delivered to Lhaca File Archiver before 1.21.
- The vulnerability resides in LZH Extended Header handling (header.c in the lharc codebase); inspect parsing of LZH extended headers for stack-based buffer overflow conditions.
- The trigger vector is a user-assisted file open of a crafted LZH archive; monitor for suspicious LZH file processing by Lhaca File Archiver versions prior to 1.21.
- Red Hat / RHEL packages (lha) are NOT affected by this specific CVE; the lhaca flaw shares a codebase with lharc, but RHEL was already patched via lha-114i-sec.patch from CVE-2004-0234 (RHSA-2004:178).
- This CVE is essentially a re-emergence of CVE-2004-0234 due to the shared codebase between Lhaca and lharc; detections or patches for CVE-2004-0234 may already cover this issue.
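CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vulncheck | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 10.0 | CRITICAL | — |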
GHSA
GHSA-72gc-j98m-w58x: Stack-based buffer overflow in Lhaca File Archiver before 1
ghsa_unreviewed · 2022-05-01
CVE-2007-3375 [MEDIUM] CWE-119
Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as Trojan.Lhdropper.
GHSA
GHSA-p7w8-837g-24j4: Stack-based buffer overflow in Lhaca File Archiver before 1
ghsa_unreviewed · 2022-05-01 · CVSS 6.8
CVE-2007-3512 [MEDIUM]
Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a different issue than CVE-2007-3375.
VulnCheck
lhaca file_archiver Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck · 2007 · CVSS 6.8
CVE-2007-3375 [MEDIUM]
Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as Trojan.Lhdropper.
Affected: lhaca file_archiver
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.kb.cert.org/vuls/id/871497
Red Hat
lhaca issue might affect lha packages
vendor_redhat · 2007-07-01 · CVSS 10.0
CVE-2007-3375 [CRITICAL]
Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as Trojan.Lhdropper.
Statement: Not vulnerable, Red Hat do not ship the Lhaca file archiver. Note that an identical flaw was found affecting the lha file archiver in 2004, CVE-2004-0234. This issue was corrected by security update RHSA-2004:178 for Red Hat Enterprise Linux 2.1 and 3. Red Hat Enterprise Linux 4 was not vulnerable as it contained a backported patch to correct this issue from release.
No detection rules found.
No public exploits indexed.
- http://secunia.com/advisories/25826
- http://vuln.sg/lhaca121-en.html
- http://www.kb.cert.org/vuls/id/871497
- http://www.securityfocus.com/bid/24604
- http://www.symantec.com/enterprise/security_response/weblog/2007/06/beware_of_lzh.html
- http://www.symantec.com/security_response/writeup.jsp?docid=2007-062506-5500-99&tabid=1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35116