VYPR

Izarc

by Izarc

CVEs (4)

  • CVE-2025-46652MedApr 26, 2025
    risk 0.40cvss 6.1epss 0.00

    In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files. NOTE: this is disputed because Mark-of-the-Web propagation can…

  • CVE-2014-2720May 27, 2014
    risk 0.00cvss epss 0.02

    IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote attackers to conduct file-extension spoofing attacks via a modified Central…

  • CVE-2010-5235Sep 7, 2012
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in IZArc Archiver 4.1.2 allows local users to gain privileges via a Trojan horse ztv7z.dll file in the current working directory, as demonstrated by a directory that contains a .arj file. NOTE: some of these details are obtained from third…

  • CVE-2006-2006Apr 25, 2006
    risk 0.00cvss epss 0.02

    Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 beta 3 allow remote attackers to write arbitrary files via a ..\ (dot dot backslash) in a (1) .rar, (2) .tar, (3) .zip, (4) .jar, or (5) .gz archive. NOTE: the provenance of this information is unknown; the…