JVN#83917769: AttacheCase vulnerable to directory traversal

2017-01-16T00:00:00
ID JVN:83917769
Type jvn
Reporter Japan Vulnerability Notes
Modified 2017-01-16T00:00:00

Description

## Description

AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains a directory traversal vulnerability (CWE-22) due to a flaw in processing filenames in ATC files.

## Impact

Decrypting a crafted ATC file may result in creation of an arbitrary file or overwriting of an existing file.

## Solution

Update the Software
Update to the latest version according to the information provided by the developer.

## Products Affected

  • AttacheCase ver.2.8.2.8 and earlier
  • AttacheCase ver.3.2.0.4 and earlier