Published:2014/01/24 Last Updated:2014/01/24
JVN#49384502
SimZip (Simple Zip Viewer) vulnerable to directory traversal
Overview
SimZip (Simple Zip Viewer) provided by Gapless Player contains a directory traversal vulnerability.
Products Affected
- SimZip (Simple Zip Viewer) versions prior to 1.2.1
Description
SimZip (Simple Zip Viewer) provided by Gapless Player contains an issue in processing file names, which may result in a directory traversal (CWE-22) vulnerability.
Impact
A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges to access.
Solution
Apply an Update
Update to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| Gapless Player | SimZip (Simple Zip Viewer) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2014-0809 |
| JVN iPedia |
JVNDB-2014-000008 |