TITLE:
StuffIt / ZipMagic Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA19010

VERIFY ADVISORY:
http://secunia.com/advisories/19010/

CRITICAL:
Less critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
ZipMagic Deluxe 9.x
http://secunia.com/product/8343/
StuffIt Standard 9.x
http://secunia.com/product/8341/
StuffIt Expander 9.x
http://secunia.com/product/7064/
StuffIt Deluxe 9.x
http://secunia.com/product/8340/

DESCRIPTION:
Hamid Ebadi has reported a vulnerability in StuffIt and ZipMagic, which
potentially can be exploited by malicious people to compromise a user's
system.

The vulnerability is caused due to an input validation error when
extracting compressed archives (.tar and .zip). This makes it possible
to have files extracted to arbitrary locations outside the specified
directory using the "../" directory traversal sequence.

Successful exploitation requires that a user is tricked into extracting
a malicious archive.

The vulnerability has been confirmed in StuffIt Standard 9.0.0.21 and
has also been reported in the following versions:
* StuffIt Deluxe 9.0
* ZipMagic Deluxe 9.0
* StuffIt Expander 9.0.0.21

Other versions may also be affected.

SOLUTION:
Do not extract untrusted archives.

To reduce the risk, never extract files as an administrative user.

PROVIDED AND/OR DISCOVERED BY:
Hamid Ebadi

ORIGINAL ADVISORY:
http://hamid.ir/security/stuffit.txt

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
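The input validation the advisory says these extractors lack, written out as an added example (this is not StuffIt, ZipMagic or Secunia code): a Python guard that vets each .zip or .tar member path before anything is written under the chosen directory. The destination `/tmp/extract` is assumed, and the sample archive is constructed inside the block.

```python
import io
import os
import posixpath
import tarfile
import zipfile

def is_safe_member(name: str, dest: str) -> bool:
    """True only if archive member `name` would be written inside `dest`.

    Rejects absolute paths, Windows drive prefixes, and any path that
    escapes `dest` through '..' components (the "../" case from the advisory).
    """
    norm = name.replace("\\", "/")  # Windows extractors treat '\' as a separator too
    if norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
        return False
    norm = posixpath.normpath(norm)  # collapses "sub/../../x" into "../x"
    if norm == ".." or norm.startswith("../"):
        return False
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, norm))
    return target == dest_real or target.startswith(dest_real + os.sep)

def safe_zip_members(data: bytes, dest: str) -> list[str]:
    """Member names of a ZIP (given as bytes) that pass the traversal check."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if is_safe_member(n, dest)]

def safe_tar_members(data: bytes, dest: str) -> list[str]:
    """Same check for tar; link members are vetted on their link target as well,
    since a link pointing outside `dest` is the tar-specific form of the escape."""
    keep = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for m in tf.getmembers():
            if not is_safe_member(m.name, dest):
                continue
            if m.issym() or m.islnk():
                # symlink targets are relative to the member's directory, hard links to the root
                base = posixpath.dirname(m.name) if m.issym() else ""
                if not is_safe_member(posixpath.join(base, m.linkname), dest):
                    continue
            keep.append(m.name)
    return keep

def _constructed_zip() -> bytes:
    """Constructed sample: one benign member and one member that would escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign")
        zf.writestr("../../escape.txt", "would land outside the extraction dir")
    return buf.getvalue()

if __name__ == "__main__":
    print(safe_zip_members(_constructed_zip(), "/tmp/extract"))  # ['docs/readme.txt']
```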