Description: Ulf H
Description: Ulf Härnhammar has discovered some vulnerabilities in unace, which can be exploited by malicious people to compromise a user's system. 1) An input validation error when extracting files compressed with ACE (.ace) makes it possible extract files to arbitrary locations outside the specified directory using the "../" directory traversal sequence or an absolute path. 2) Some boundary errors in the processing of malicious ACE archives can be exploited to cause a buffer overflow by tricking a user into extracting, testing, or listing a specially crafted archive. Successful exploitation may allow execution of arbitrary code. The vulnerabilities have been confirmed in version 1.2b. Other versions may also be affected. Solution: Do not extract, list, or test untrusted ACE archives. Use another product.
*** This bug has been marked as a duplicate of 81958 ***