unace Directory Traversal and Buffer Overflow Vulnerabilities

Secunia Advisory: SA14359

Critical: Moderately critical

Impact: System access

Where: From remote

Solution Status: Unpatched

Software: unace 1.x, unace 2.x

Ulf Härnhammar has discovered some vulnerabilities in unace, which can be exploited by malicious people to compromise a user’s system.

The vulnerabilities have been confirmed in version 1.2b. One of the buffer overflow vulnerabilities has also been reported in versions 2.04, 2.2 and 2.5. Other versions may also be affected.

Successful exploitation may allow execution of arbitrary code.

Solution: Do not extract, list, or test untrusted ACE archives.

Use another product.
