CVE-2006-2006

Name of the Vulnerable Software and Affected Versions IZArc Archiver version 3.5 beta 3

Description The issue allows remote attackers to write arbitrary files via a .. (dot dot backslash) in various archive types, including .rar, .tar, .zip, .jar, and .gz archives.

Recommendations For IZArc Archiver version 3.5 beta 3, consider restricting the handling of archive files to prevent exploitation until a fix is available. As a temporary workaround, avoid using the software to extract archives from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this issue.