Home / vulnerabilities pico-traverse.txt
Posted on 17 April 2007
Source : packetstormsecurity.org Link
PicoZip Archive Extraction Directory traversal
Acubix PicoZip is an award winning file compression utility for Microsoft
Windows users.
Its intuitive user interface is extremely easy to use, while its wide
ranging support for most file compression formats
and comprehensive feature set makes PicoZip the only archive utility you
will ever need.
http://www.picozip.com
Credit:
The information has been provided by Hamid Ebadi
The original article can be found at : http://www.bugtraq.ir
http://www.bugtraq.ir/articles/advisory/picozip_directory_traversal/9
Vulnerable Systems:
Acubix PicoZip 4.02
Detail :
The vulnerability is caused due to an input validation error when extracting
files compressed with
GZ (.gz) , TAR.GZ (.tar.gz) , TAR (.tar), RAR (.rar) , JAR (.jar) and ZIP
(.zip)
This makes it possible to have files extracted to arbitrary locations
outside the specified directory (like StartUp) using the "../" directory
traversal sequence.
Successful exploitation allows execution of arbitrary code when a user e.g.
opens a malicious archive file
Solution:
Do not extract untrusted RAR , JAR ,TAR , GZ , TAR.GZ and ZIP files.
To reduce the risk, never extract files as an administrative user.
harmless exploit:
use HEAP : http://www.hamid.ir/tools/
# copyright : http://www.bugtraq.ir