cve-2014-3697-00

Summary Malicious smiley themes could alter arbitrary files
Date 2014-10-22
CVE Number CVE-2014-3697
Discovered By Yves Younan of Cisco Talos
Fixed In Release 2.10.10

Description

A bug in the untar code on Windows could allow a malicious smiley theme to place a file anywhere on the file system, or alter an existing file when installing a smiley theme via drag and drop on Windows.

Mitigation

Fix the untar code to ensure all paths are relative.

We've launched the new site. Think we're missing something?
Read the blog post or Go to the old site