SzafirHost contains a critical archive parsing inconsistency that could allow an attacker to bypass security checks and execute malicious native libraries.

This is a logic flaw where the application verifies an archive using one parsing method (JarFile) but performs extraction using another (JarInputStream). This discrepancy allows an attacker to craft an archive that passes initial security validation but extracts unauthorized or malicious content.

With a CVSS score of 8.6, this vulnerability poses a high risk of remote code execution. By bypassing the intended integrity verification, an attacker could force the application to load and execute malicious code, leading to total application compromise and potential exfiltration of sensitive data handled by the host.

Immediate Action: Update SzafirHost to the latest version released by the vendor to ensure consistent archive verification logic.

Proactive Monitoring: Monitor for unexpected execution of native libraries or anomalous child process creation originating from the SzafirHost service.

Compensating Controls: Implement endpoint protection solutions that monitor for the loading of unsigned or suspicious DLLs/shared objects within the application's runtime environment.

Public Exploit Available: false

The reliance on inconsistent parsing methods represents a serious security oversight. Organizations must apply the vendor's remediation immediately to ensure that native library execution is properly validated and that the attack surface for code injection is closed.