Acubix PicoZip Archive Directory Traversal Vulnerability
BID:23471
Info
Acubix PicoZip Archive Directory Traversal Vulnerability
| Bugtraq ID: | 23471 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2007 12:00AM |
| Updated: | Apr 13 2007 05:42PM |
| Credit: | Hamid Ebadi is credited with the discovery of this vulnerability. |
| Vulnerable: |
PicoZip PicoZip 4.0.2 |
| Not Vulnerable: | |
Discussion
Acubix PicoZip Archive Directory Traversal Vulnerability
PicoZip is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to extract files into directories of their choosing and overwrite arbitrary files. Successful exploits may aid in further attacks.
This issue affects PicoZip 4.02; other versions may also be affected.
PicoZip is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to extract files into directories of their choosing and overwrite arbitrary files. Successful exploits may aid in further attacks.
This issue affects PicoZip 4.02; other versions may also be affected.
Exploit / POC
Acubix PicoZip Archive Directory Traversal Vulnerability
Attackers may exploit this issue by creating malicious archive files that include files with directory-traversal strings ('../').
Attackers may exploit this issue by creating malicious archive files that include files with directory-traversal strings ('../').
Solution / Fix
Acubix PicoZip Archive Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please email us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please email us at: mailto:[email protected].
References
Acubix PicoZip Archive Directory Traversal Vulnerability
References:
References:
- PicoZip Archive Extraction Directory traversal (Bugtraq)
- PicoZip Web Site (PicoZip)