• info
• discussion
• exploit
• solution
• references

Winace UnAce ACE Archive Remote Directory Traversal Vulnerability

No exploit is required to leverage this issue. The following proof-of-concept examples have been made available. The referenced ZIP file contains two ACE format archives designed to test for the vulnerability. Note that Symantec has not verified the included ACE files.

• /data/vulnerabilities/exploits/unAceDirectoryTraversalPOC.zip