Home / vulnerabilities

PDF

pico-traverse.txt

Posted on 17 April 2007
Source : packetstormsecurity.org Link

 

PicoZip Archive Extraction Directory traversal
Acubix PicoZip is an award winning file compression utility for Microsoft
Windows users.
Its intuitive user interface is extremely easy to use, while its wide
ranging support for most file compression formats
and comprehensive feature set makes PicoZip the only archive utility you
will ever need.

http://www.picozip.com

Credit:
The information has been provided by Hamid Ebadi

The original article can be found at : http://www.bugtraq.ir

http://www.bugtraq.ir/articles/advisory/picozip_directory_traversal/9

Vulnerable Systems:
Acubix PicoZip 4.02

Detail :

The vulnerability is caused due to an input validation error when extracting
files compressed with
GZ (.gz) , TAR.GZ (.tar.gz) , TAR (.tar), RAR (.rar) , JAR (.jar) and ZIP
(.zip)
This makes it possible to have files extracted to arbitrary locations
outside the specified directory (like StartUp) using the "../" directory
traversal sequence.

Successful exploitation allows execution of arbitrary code when a user e.g.
opens a malicious archive file

Solution:
Do not extract untrusted RAR , JAR ,TAR , GZ , TAR.GZ and ZIP files.
To reduce the risk, never extract files as an administrative user.

harmless exploit:
use HEAP : http://www.hamid.ir/tools/

# copyright : http://www.bugtraq.ir

 

TOP