A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Marshal MailMarshal (formerly of NetIQ). Authentication is not required to exploit this vulnerability. The specific flaw exists within the extraction and scanning of ARJ compressed attachments. Due to incorrect sandboxing of extracted filenames that contain directory traversal modifiers such as "../", an attacker can cause an executable to be created in an arbitrary location. Affected are MailMarshal SMTP 5.x, 6.x, and 2006 and MailMarshal for Exchange 5.x.
96fb3659a81e9afceb913739fbac7b19661a909a3df69a48bb514072d63a0f23