izarc CVE Vulnerabilities & CVE List (3)

Products (CPE): — CVEs: 3

izarc vulnerability overview

This page aggregates publicly disclosed CVE and security risk information related to izarc, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

Vulnerability distribution trend (last 24 months)

Showing 13 of 3 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2025-46652 In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files. NOTE: this is disputed because Mark-of-the-Web propagation can increase risk via security-warning habituation, and because the intended control sphere for file-origin metadata (e.g., HostUrl in Zone.Identifier) may be narrower than that for reading the file's content. [email protected] 6.1 0.26% 2025-04-26 2026-06-17
CVE-2014-2720 IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote attackers to conduct file-extension spoofing attacks via a modified Central Directory, as demonstrated by unintended code execution prompted by a .jpg extension in the Central Directory and a .exe extension in the local file header. [email protected] 6.8 2.31% 2014-05-27 2026-06-16
CVE-2010-5235 Untrusted search path vulnerability in IZArc Archiver 4.1.2 allows local users to gain privileges via a Trojan horse ztv7z.dll file in the current working directory, as demonstrated by a directory that contains a .arj file. NOTE: some of these details are obtained from third party information. [email protected] 6.9 0.40% 2012-09-07 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence