WinAce Archiver versions 2.6 and below are susceptible to a directory traversal attack when fed a malicious RAR or TAR file.
ac1620c545b765e381ee1711f9bad0b294b6f1193c8e749431f4df0125cbca8bWinAce Archiver v2.6 Directory traversal
ACE Cmpression Software & e-merge GmbH
http://www.winace.com
Credit:
The information has been provided by Hamid Ebadi
( Hamid Network Security Team) : admin@hamid.ir.
The original article can be found at :
http://hamid.ir/security
Vulnerable Systems:
WinAce Archiver v2.6 and Below
Detail :
Directory traversal while extracting (.RAR),(.TAR)
What is Directory traversal in archivers?
that allowed one to create malicous archive files,
which would overwrite system files or place dangerous
files in defined directory(example :shell.php in
wwwroot directory)
This could be abused by sending an archive to a local
user who would unzip / untar an archive, the archive
would then be able to overwrite any file to which the
user has write permissions, thus it could also be
abused if a system ran som antivirus software which
automatically opened archive files.
harmless exploit:
use HEAP [Hamid Evil Archive Pack]
you can find it from Hamid Network Security Team:
http://www.hamid.ir/tools/
want to know more ?
http://www.hamid.ir/paper
Signature
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed