F-Secure
Tools
Filzip 3.06 - Security Release
| Report ID: | SA201006409 |
| Source: | F-Secure |
| Date of Discovery: | 22.02.2010 |
| Criticality: | Undefined |
| Affects: | Filzip 3.05 and previous versions |
| Compromise From: | Unknown |
| Compromise Type: | Manipulation of data |
Summary
A vulnerability in Filzip could allow attackers to overwrite important system files.
Detailed Description
A vulnerability has been reported in Filzip that could allow overwrite of files using '..' (parent folder). Attackers may prepare archive files to overwrite files on the hard disk, or infect them with malware.
Solution
Update to Filzip 3.06
Original Reference
Filzip 3.06 - Security Release (http://filzip.com/en/)