UnZip is an open-source tool used for extracting zip-format archives. A buffer overflow vulnerability has been found in it that can be exploited to execute arbitrary code on the target system. The vulnerability can be triggered by using the -t parameter (unzip -t) while extracting a specially crafted .zip file.
UnZip 6.0 and earlier versions are affected. At the moment there is no patch available. Until a new version of UnZip is available, it is recommended to extract zip files without using the -t parameter.
More information can be read here.
Sunday, December 28, 2014