CVE-2025-29864
📋 TL;DR
This vulnerability allows attackers to bypass Windows SmartScreen protection mechanisms when using ESTsoft ALZip on Windows systems. Attackers could trick users into executing malicious files that would normally be blocked. This affects ALZip users running versions from 12.01 up to (but not including) 12.29.
💻 Affected Systems
- ESTsoft ALZip
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Users could execute arbitrary malicious code with the same privileges as the current user, leading to full system compromise, data theft, or ransomware deployment.
Likely Case
Attackers deliver malware, trojans, or ransomware through seemingly legitimate archive files that bypass security warnings.
If Mitigated
With proper endpoint protection and user awareness, the risk is reduced to potential execution of non-malicious but unexpected files.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious archive file. The vulnerability bypasses SmartScreen warnings but doesn't automatically execute code.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 12.29 or later
Vendor Advisory: https://altools.co.kr/product/ALZIP
Restart Required: No
Instructions:
1. Open ALZip.
2. Go to Help > Check for Updates.
3. Follow prompts to update to version 12.29 or later.
4. Alternatively, download and install the latest version from the official website.
🔧 Temporary Workarounds
Disable ALZip file association
Windows: Prevent ALZip from automatically opening archive files by changing default file associations to another application.
Control Panel > Default Programs > Set Default Programs > Choose another program for .zip/.rar/etc
Enable additional SmartScreen settings
Windows: Configure Windows SmartScreen to check apps and files from the Microsoft Store and the web.
Windows Security > App & browser control > Check apps and files > Set to 'Warn' or 'Block'
🧯 If You Can't Patch
- Implement application whitelisting to block execution of ALZip or restrict it to trusted directories
- Deploy endpoint detection and response (EDR) solutions to monitor for suspicious archive file execution
🔍 How to Verify
Check if Vulnerable:
Open ALZip, go to Help > About ALZip, check if version is between 12.01 and 12.28 inclusive.
Check Version:
wmic product where name="ALZip" get version
Verify Fix Applied:
Verify ALZip version is 12.29 or higher in Help > About ALZip.
📡 Detection & Monitoring
Log Indicators:
- Windows SmartScreen events showing bypass for archive files
- ALZip process execution followed by unexpected child processes
Network Indicators:
- Downloads of archive files from untrusted sources followed by immediate execution
SIEM Query:
EventID=4688 AND (ProcessName="ALZip.exe" OR ParentProcessName="ALZip.exe") AND (CommandLine CONTAINS ".zip" OR CommandLine CONTAINS ".rar" OR CommandLine CONTAINS ".7z")
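The "ALZip process execution followed by unexpected child processes" indicator can also be triaged offline from exported process-creation events. The following is an added example, not part of the original page or any vendor tooling; it assumes events exported as JSON lines using the field names from the SIEM query above, and the allowlist, interpreter list and temp-path markers are assumptions to tune per environment.

```python
import json
from ntpath import basename  # parses Windows paths on any OS

# Assumptions to tune per environment (not vendor-documented behaviour).
EXPECTED_CHILDREN = {"alzip.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

def triage(event):
    """Return (severity, reason) for a suspicious event, else None."""
    if not isinstance(event, dict) or str(event.get("EventID")) != "4688":
        return None
    if basename(event.get("ParentProcessName") or "").lower() != "alzip.exe":
        return None
    image = (event.get("ProcessName") or "").lower()
    child = basename(image)
    if child in EXPECTED_CHILDREN:
        return None
    if child in INTERPRETERS:
        return ("high", f"ALZip spawned script host or shell {child}")
    if any(marker in image for marker in TEMP_MARKERS):
        return ("high", f"ALZip spawned {child} from a temp directory")
    return ("medium", f"ALZip spawned unexpected child {child}")

def scan(lines):
    """Triage JSON-lines events; returns [(severity, reason, command line)]."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed records, keep scanning
        verdict = triage(event)
        if verdict:
            findings.append((*verdict, event.get("CommandLine") or ""))
    return findings

# Constructed sample events (not real telemetry; paths are made up).
SAMPLE = r'''
{"EventID": 4688, "ParentProcessName": "C:\\Windows\\explorer.exe", "ProcessName": "C:\\Apps\\ALZip\\ALZip.exe", "CommandLine": "ALZip.exe invoice.zip"}
{"EventID": 4688, "ParentProcessName": "C:\\Apps\\ALZip\\ALZip.exe", "ProcessName": "C:\\Users\\u\\AppData\\Local\\Temp\\az1\\setup.exe", "CommandLine": "setup.exe"}
{"EventID": 4688, "ParentProcessName": "C:\\Apps\\ALZip\\ALZip.exe", "ProcessName": "C:\\Windows\\System32\\wscript.exe", "CommandLine": "wscript.exe readme.js"}
{"EventID": 4688, "ParentProcessName": "C:\\Apps\\ALZip\\ALZip.exe", "ProcessName": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe notes.txt"}
{"EventID": 4689, "ParentProcessName": "C:\\Apps\\ALZip\\ALZip.exe", "ProcessName": "C:\\Windows\\System32\\cmd.exe", "CommandLine": ""}
not-json
'''.splitlines()

if __name__ == "__main__":
    for severity, reason, cmdline in scan(SAMPLE):
        print(f"[{severity}] {reason}: {cmdline}")
```

Medium findings are review candidates rather than alerts, since an archiver can legitimately hand a file to its associated viewer.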