Given the past issues with .zip and .rar unpackers, unpacking an archive should
be considered a risky activity. In some sense, opening, accessing, playing, or
otherwise touching any file from an unknown source could be considered risky.
The list of issues with media files, archive files, (or
Dear [EMAIL PROTECTED],
--Friday, November 30, 2007, 1:19:49 AM, you wrote to [EMAIL PROTECTED]:
An attacker who can convince an user to extract a specially crafted
archive can overwrite arbitrary files with the permissions of the user
running gtar. If that user is root, the attacker can
Dear Rajesh Sethumadhavan,
In order to exploit this vulnerability you need to force victim to run
attacker-supplied BAT file. It's like forcing user to run
attacker-supplied .sh script under Unix. No vulnerability here, except
vulnerability in human. The second scenario is
[EMAIL PROTECTED] wrote:
An attacker who can convince an user to extract a specially crafted
archive can overwrite arbitrary files with the permissions of the user
running gtar. If that user is root, the attacker can overwrite any
file on the system.
Apparently, somebody at FreeBSD thinks can
Microsoft FTP Client Multiple Bufferoverflow
Vulnerability
#
XDisclose Advisory : XD100096
Vulnerability Discovered: November 20th 2007
Advisory Reported : November 28th 2007
Credit : Rajesh