Published: 2017/01/16  Last Updated: 2017/01/16

Information from HiBARA Software

Vulnerability ID:JVN#83917769
Title:AttacheCase vulnerable to directory traversal
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

A vulnerability of directory traversal was found in the encryption tool "AttacheCase" which is published on this site. If this decrypts an altered encrypted file by malicious attackers, it will be expanded into an unintended directory file.

We have confirmed the vulnerability in both the old version (ver.2.8.2.8 or earlier) and the current version (ver.3.2.0.4 or earlier), and those who use these earlier "AttacheCase" should promptly upgrade to a fixed version.