Winace UnAce 1.x ACE Archive Remote Directory Traversal Vulnerability

ID SSV:78817
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


A remotely exploitable client-side directory-traversal vulnerability affects Winace unace. The application fails to properly sanitize file and directory names contained within malicious ACE format archives.

An attacker may leverage this issue by distributing malicious ACE archives to unsuspecting users. This issue will allow an attacker to write files to arbitrary locations on the filesystem with the privileges of an unsuspecting user that extracts the malicious ACE archive.