Published:2018/07/13  Last Updated:2018/07/13

JVN#55813866
Explzh vulnerable to directory traversal

Overview

Explzh provided by pon software contains a directory traversal vulnerability.

Products Affected

  • Explzh v.7.58 and earlier

Description

Explzh is a file compression/extraction software supporting multiple file formats. Explzh contains a directory traversal vulnerability (CWE-22).

Explzh is not vulnerable to relative path traversal but to absolute path traversal. Therefore, an attacker may create new files or overwrite existing files on the directory accessible with the privileges for extracting files with Explzh.

Impact

By extracting a malicious compressed file, an attacker may create arbitrary files or overwrite existing files in the directory that is different from the extraction/saving destination configured on the affected product.

Solution

Update the software
Update to the latest version according to the information provided by the developer.

Vendor Status

Vendor Status Last Update Vendor Notes
pon software Vulnerable 2018/07/13 pon software website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Base Score: 3.3
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score: 4.3
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)

Credit

Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2018-0646
JVN iPedia JVNDB-2018-000079