[原文]Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive.
A remote overflow exists in ALZib. The application fails to perform proper bounds checking resulting in a stack-based buffer overflow. With a specially crafted ALZ archive containing a compressed file with an overly long filename, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
Upgrade to version 6.13 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.