CVE-2001-1270

Name of the Vulnerable Software and Affected Versions: PKZip versions 4.00 and earlier

Description: The issue allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files. This is a directory traversal vulnerability in the console version of PKZip.

Recommendations: For PKZip versions 4.00 and earlier, consider avoiding the use of the -rec (recursive) option during archive extraction until a fix is available. As a temporary workaround, restrict the extraction of archives to a secure, isolated directory to minimize potential damage from a .. (dot dot) attack.