The Unix port of UnZip 5.52 is reported to have a race-condition vulnerability, whereby a local attacker could change the permissions of the user's files during unpacking. (This has been assigned CVE ID CAN-2005-2475.) |
All versions of UnZip through 5.50 have a number of directory-traversal vulnerabilities, and version 5.50 also has a textmode>FAQ page for details. |
|
Copyright © 1995-2008 Greg Roelofs. UnZip is maintained by Christian Spieler. |