PT-2010-1018 · Cabextract+2
Jan Lieskovsky · Published 2010-08-06 · Updated 2021-04-26 · CVE-2010-2801
CVSS v2.0: 5.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
cabextract versions prior to 1.3
Description
The issue is an integer signedness error in the Quantum decompressor of cabextract. User-assisted remote attackers can exploit it via a crafted Quantum archive in a .cab file to cause a denial of service (application crash) or possibly execute arbitrary code. The issue is related to the libmspack library. The vulnerability may lead to a violation of confidentiality, integrity, and availability of protected information and can be exploited remotely.
Recommendations
For versions prior to 1.3, update to version 1.3 or later to resolve the issue. As a temporary workaround, consider disabling the archive test mode in cabextract until a patch is available. Restrict access to crafted Quantum archives in .cab files to minimize the risk of exploitation.
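One way to check a host against the affected range above, as an added example that is not part of the original advisory or of cabextract itself. It assumes `cabextract --version` prints a banner containing a dotted version number; the function names and the sample banners in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a cabextract version banner against the
# fixed release named in this advisory (1.3).
FIXED_VERSION="1.3"

# Pull the first dotted number out of a banner line.
# Constructed sample input: "cabextract version 1.2" -> "1.2"
parse_version() {
    printf '%s\n' "$1" \
        | sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*/\1/p' \
        | sed 's/\.*$//'
}

# Return 0 if version $1 is strictly lower than version $2.
# Components are compared numerically, so 1.10 is newer than 1.3.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}          # missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1                          # equal versions are not "lower"
}

# Print "vulnerable", "fixed" or "unknown" for a banner line.
classify_banner() {
    v=$(parse_version "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Report on the locally installed binary, if there is one.
if command -v cabextract >/dev/null 2>&1; then
    banner=$(cabextract --version 2>/dev/null | head -n 1)
    echo "installed cabextract: $(classify_banner "$banner")"
fi
```

Distribution packages can carry a backported fix under an older version string, so treat a "vulnerable" result as a prompt to check the vendor's package changelog.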
Fix
DoS
Weakness Enumeration
Related Identifiers
Affected Products
Suse
Cabextract
Libmspack