Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: unace 1.x, unace 2.x
Ulf Härnhammar has discovered some vulnerabilities in unace, which can be exploited by malicious people to compromise a user’s system.
The vulnerabilities have been confirmed in version 1.2b. One of the buffer overflow vulnerabilities have also been reported in version 2.04, 2.2 and 2.5. Other versions may also be affected.
Successful exploitation may allow execution of arbitrary code.
Solution: Do not extract, list, or test untrusted ACE archives.
Use another product.
Full article: Secunia Advisory: SA14359