FileVista < v6.0.8.0 Insecure zip file handling

[DS MailingList <ds.mailinglist.x () gmail com>]

Hi list,

FileVista is an IIS package which installs a file server onto Windows
Server systems. More information can be obtained from their website at
http://www.gleamtech.com/filevista.

CVE-2014-8788: The zip file handling routines in FileVista leaks internal
paths when users attempt to write a zip file to a path in which the
FileVista user account does not have Write access to. The internal path is
the path at which FileVista is installed onto
("c:\\inetpub\\wwwroot\\FileVista" by default).

CVE-2014-8789: The zip file extraction routine does not validate the stated
path of the extracted files. Malicious users may modify the contents of the
zip file to cause the constituent files to be extracted above the normal
zip file root path. In certain misconfigurations, this could cause the user
to write aspx files to the "wwwroot/FileVista" directory and execute
arbitrary code.

GleamTech has released a new version of the FileVista software (v6.1) which
addresses the above issues.

/DS

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/