VULHUB ™

WinZip is prone to a security vulnerability when unpacking .tar archives. The problem is in the handling of pathnames. By specifying a path for an archived item which points outside the expected directory scope, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem. An attacker may take advantage of this vulnerability to cause malicious files to be placed anywhere on a target filesystem. This issue is present when the "Extract folder names" option is checked in the extraction dialogue, which is the default setting and is used to retain the directory structure when extracting files.

WinZip is prone to a security vulnerability when unpacking .tar archives. The problem is in the handling of pathnames. By specifying a path for an archived item which points outside the expected directory scope, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem. An attacker may take advantage of this vulnerability to cause malicious files to be placed anywhere on a target filesystem. This issue is present when the "Extract folder names" option is checked in the extraction dialogue, which is the default setting and is used to retain the directory structure when extracting files.