CVE-2006-0950

Name of the Vulnerable Software and Affected Versions unalz version 0.53

Description The issue allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename.

Recommendations For unalz version 0.53, consider avoiding the use of ALZ archives with ".." sequences in filenames until a patch is available. As a temporary workaround, restrict the ability to create or extract ALZ archives to minimize the risk of exploitation.