Microsoft cabarc directory traversal

[Jelmer <jkuperus () planet nl>]

Description:

Cabarc is a command line tool to create and extract cabinet files (.cab) it
is included in the Windows Support Tools package
It is subject to a directory traversal bug similar to those found in unzip,
unarj etc..

Technical Details:

..\file fails

../file defeats the protection

Demonstration:

http://62.131.86.111/security/cabarc/demo.cab

Risk : low


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html