About Us | Contact Us

 


 

VUPEN Free Resources
 
  VUPEN Security Advisories
 
  VUPEN Security Blog & News
  Zero-day Attacks Monitor
  Daily Security Mailinglist
  Explanation of Terms
  Advanced Search Engine
 
   

SpeedProject Products ZIP and JAR Directory Traversal Vulnerability

VUPEN ID VUPEN/ADV-2006-0731
CVE ID CVE-2006-0890
 
CWE ID Available in VUPEN VNS Customer Area
CVSS V2 Available in VUPEN VNS Customer Area
Rated as Moderate Risk 
Impact Available in VUPEN VNS Customer Area
Authentication Level Available in VUPEN VNS Customer Area
Access Vector Available in VUPEN VNS Customer Area
Release Date 2006-02-24
Share Twitter LinkedIn Facebook Delicious Digg Slashdot

Technical Description

A vulnerability has been identified in multiple SpeedProject products, which could be exploited by malicious people to conduct directory traversal. This flaw is due to an input validation error when extracting malformed ZIP and JAR archives, which could be exploited by attackers to place malicious files in arbitrary directories by convincing a user to extract a specially crafted archive.

Affected Products

Speedproject SpeedCommander version 11.01 Build 4450 and prior
Speedproject ZipStar version 5.10 and prior
Speedproject Squeez version 5.10 and prior

Solution 

VUPEN Security is not aware of any vendor-supplied patch.

References

http://www.vupen.com/english/advisories/2006/0731
http://www.vupen.com/english/reference/6459

Credits 

Vulnerability reported by Hamid Ebadi

Changelog 

2006-02-24 : Initial release

Feedback 

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Monthly Statistics 

 

 VUPEN Security Advisories By Criticality: Aug 2010


  Critical Risk

 : 0%

  High Risk		 : 0%

  Moderate Risk		 : 0%

  Low Risk		 : 100%

Get a real-time view of the vulnerabilities affecting your systems using the VUPEN VNS reporting capabilities.
 
 

Try VUPEN VNS 

 

 





© 2004-2010 VUPEN Security - Copyright - Privacy Policy