CVE-2018-20250

CVE-2018-20250

By crafting the filename field of the ACE format, the destination folder (extraction folder) is ignored, and the relative path in the filename field becomes an absolute Path. This logical bug, allows the extraction of a file to an arbitrary location which is effectively code execution.

Source: CVE-2018-20250

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다