~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Application: WinAce, WinHKI Vendors: http://www.webtoolmaster.com Versions: 1.4d Platforms: Windows Bug: ZIP File Directory Transversal Exploitation: Local (extract file) Date: 24 Dec 2004 Author: Rafel Ivgi, The-Insider E-Mail: the_insider@mail.com Website: http://theinsider.deep-ice.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1) Introduction 2) Bugs 3) The Code ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ =============== 1) Introduction =============== WinHKI is a file archiever which supports: BH, CAB, HKI, JAR, LHA,TAR, GZ compressions. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ====== 2) Bug ====== This is a normal ZIP compressed file header 00000000 504B 0304 1400 0200 0800 CC81 0C2F B78F PK.........../.. 00000010 F209 3C2F 0F00 C8EE 0F00 0700 0000 7370 ..