CVE-2005-3030

Name of the Vulnerable Software and Affected Versions AhnLab V3Pro versions 2004 build 6.0.0.383 AhnLab V3 VirusBlock versions 2005 build 6.0.0.383 AhnLab V3Net for Windows Server versions 6.0 build 6.0.0.383

Description The issue allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in a compressed archive, due to a directory traversal vulnerability in the archive decompression library.

Recommendations For AhnLab V3Pro version 2004 build 6.0.0.383, consider restricting access to the archive decompression library until a patch is available. For AhnLab V3 VirusBlock version 2005 build 6.0.0.383, avoid using the archive decompression feature with untrusted compressed archives until the issue is resolved. For AhnLab V3Net for Windows Server version 6.0 build 6.0.0.383, as a temporary workaround, consider disabling the decompression of archives from untrusted sources.