2 matches found
CVE-2010-5274
CVE-2010-5274 affects PKWARE PKZIP (versions 12.50.0013 and earlier). The flaw is an untrusted search path/DLL hijack allowing local privilege escalation via a malicious dwmapi.dll placed in the current working directory. Connected sources (Red Hat, NVD, Kaspersky) confirm local exploitation and ...
CVE-2001-1270
CVE-2001-1270 affects the PKZip console tool (pkzipc) 4.00 and earlier. The vulnerability is a directory traversal during archive extraction when using the -rec option, allowing an attacker to overwrite arbitrary files via a .. path in archived filenames. The available documents confirm the affec...