Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files. NOTE: this is disputed because Mark-of-the-Web propagation can increase risk via security-warning habituation, and because the intended control sphere for file-origin metadata (e.g., HostUrl in Zone.Identifier) may be narrower than that for reading the file's content.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
从非可信源包含Web功能例程
Vulnerability Title
IZArc 安全漏洞
Vulnerability Description
IZArc是中国IZArc社区的一个应用软件。提供压缩解压功能。 IZArc 4.5及之前版本存在安全漏洞,该漏洞源于提取带有Mark-of-the-Web的归档文件时未将标记传播到提取的文件,可能导致标记绕过。
CVSS Information
N/A
Vulnerability Type
N/A