HAURI Anti-Virus Compressed Files Directory Traversal Vulnerability

HAURI Anti-Virus is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An unauthorized user can write files to arbitrary locations by supplying directory traversal strings '../' in archived file names. Exploitation of this vulnerability could lead to a loss of integrity and possibly availability. An attacker can exploit this vulnerability to possibly cause a denial of service in the affected application. This may aid in further attacks against the underlying system once the anti-virus software has been disabled.


Privacy Statement
Copyright 2010, SecurityFocus