PicoZip Archive Extraction Directory Traversal

Acubix PicoZip is an award-winning file compression utility for Microsoft Windows users. Its intuitive user interface is extremely easy to use, while its wide-ranging support for most file compression formats and comprehensive feature set make PicoZip the only archive utility you will ever need.
http://www.picozip.com

Credit:
The information has been provided by Hamid Ebadi.
The original article can be found at:
http://www.bugtraq.ir
http://www.bugtraq.ir/articles/advisory/picozip_directory_traversal/9

Vulnerable Systems:
Acubix PicoZip 4.02

Detail:
The vulnerability is caused by an input validation error when extracting files compressed as GZ (.gz), TAR.GZ (.tar.gz), TAR (.tar), RAR (.rar), JAR (.jar) and ZIP (.zip). PicoZip writes entry names to disk without sanitizing them, so an entry whose name contains "../" directory traversal sequences is extracted to an arbitrary location outside the directory the user selected (for example the StartUp folder, whose contents run at the user's next logon).

Successful exploitation allows execution of arbitrary code when a user e.g. opens and extracts a malicious archive file.

Solution:
Do not extract untrusted RAR, JAR, TAR, GZ, TAR.GZ and ZIP files. To reduce the risk, never extract files as an administrative user.

Harmless exploit:
Use HEAP: http://www.hamid.ir/tools/

# copyright : http://www.bugtraq.ir
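The following is an added example, not part of the original advisory and not the HEAP tool it points to. It builds a ZIP and a TAR.GZ in memory containing a constructed "../" entry (the Startup-folder path is illustrative, not taken from the advisory) and shows the check an extractor must perform before writing anything to disk: normalize each entry name and reject any that climbs above the destination, is absolute, or carries a Windows drive letter. The same check covers the other formats listed above, since each of them carries an attacker-controlled member name.

```python
"""Added example: detecting directory traversal in archive entry names.

Not PicoZip's code and not the HEAP tool; the sample archives below are
constructed in memory so the script runs offline and writes only the
benign entry into a temporary directory.
"""
import io
import os
import posixpath
import tarfile
import tempfile
import zipfile

# Constructed sample: one benign file plus one entry that climbs out of the
# chosen extraction directory. The Startup path is illustrative only.
TRAVERSAL_NAME = "../../Start Menu/Programs/Startup/run.bat"
MALICIOUS = [
    ("readme.txt", b"looks harmless\n"),
    (TRAVERSAL_NAME, b"@echo off\r\necho traversal test\r\n"),
]


def escapes(name):
    """True if extracting `name` under the chosen directory would escape it.

    Backslashes are folded to '/' first because Windows extractors accept
    both separators; normpath then collapses 'a/../../b' to '../b' so a
    prefix test on the normalized form catches every '..' arrangement.
    """
    norm = posixpath.normpath(name.replace("\\", "/"))
    if norm.startswith("/"):                    # absolute path
        return True
    if len(norm) > 1 and norm[1] == ":":        # drive letter, e.g. C:/...
        return True
    return norm == ".." or norm.startswith("../")


def build_zip(entries):
    """Write (name, data) pairs into a ZIP and return its bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            zf.writestr(name, data)          # name is stored exactly as given
    return buf.getvalue()


def build_tar(entries):
    """Write (name, data) pairs into a gzip-compressed TAR and return its bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, data in entries:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def list_names(blob):
    """Return member names of a ZIP or TAR(.gz) blob without extracting."""
    bio = io.BytesIO(blob)
    if zipfile.is_zipfile(bio):
        with zipfile.ZipFile(bio) as zf:
            return zf.namelist()
    bio.seek(0)
    with tarfile.open(fileobj=bio, mode="r:*") as tf:
        return tf.getnames()


def audit(blob):
    """Return the member names that would escape the extraction directory."""
    return [n for n in list_names(blob) if escapes(n)]


def safe_extract_zip(blob, dest):
    """Extract only members that stay under `dest`; return (written, rejected)."""
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if escapes(info.filename):
                rejected.append(info.filename)
                continue
            parts = posixpath.normpath(info.filename).split("/")
            out = os.path.join(dest, *parts)
            if info.is_dir():
                os.makedirs(out, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(out), exist_ok=True)
            with zf.open(info) as src, open(out, "wb") as dst:
                dst.write(src.read())
            written.append(out)
    return written, rejected


def demo():
    """Run the checker and the guarded extractor against the constructed sample."""
    with tempfile.TemporaryDirectory() as dest:
        written, rejected = safe_extract_zip(build_zip(MALICIOUS), dest)
        return ([os.path.relpath(w, dest) for w in written],
                rejected,
                audit(build_tar(MALICIOUS)))


if __name__ == "__main__":
    print(demo())
```

Both archives list the traversal entry verbatim; only the guarded extractor refuses it and writes readme.txt alone. A vulnerable extractor does the os.path.join without the escapes() test, which is exactly how the entry lands in the Startup folder.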