CVE-2017-1000472

Name of the Vulnerable Software and Affected Versions POCO C++ Libraries versions prior to 1.8

Description The issue concerns a "file path injection vulnerability" in the ZipCommon::isValidPath() function, which does not properly restrict the filename value in the ZIP header. This allows attackers to conduct absolute path traversal attacks during ZIP decompression, potentially creating or overwriting arbitrary files via a crafted ZIP file.

Recommendations For versions prior to 1.8, update to version 1.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of ZIP files from untrusted sources to minimize the risk of exploitation.