|
|
|
|
| |
Credit:
The information has been provided by ZDI Disclosures.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-06-039.html
|
| |
The specific flaw exists within the extraction and scanning of ARJ compressed attachments. Due to incorrect sandboxing of extracted filenames that contain directory traversal modifiers such as "../", an attacker can cause an executable to be created in an arbitrary location.
While currently existing files can not be over written, an attacker may leverage this vulnerability in a number of ways. For example, by placing a malicious binary in the "all users" startup folder.
Vendor Response:
Marshal has issued an update to correct this vulnerability. More details can be found at: http://www.marshal.com/kb/article.aspx?id=11450
Disclosure Timeline:
2006.07.17 - Vulnerability reported to vendor
2005.10.24 - Digital Vaccine released to TippingPoint customers
2006.11.10 - Coordinated public release of advisory
CVE Information:
CVE-2006-5487
|
|
|
|
|
