StuffIt 6.5.x and Earlier Allows Buffer Overflow

A user writes in that Aladdin Systems has announced that StuffIt, versions 6.5.x and earlier for Mac OS and Mac OS X, "may contain a flaw that would cause expanding certain maliciously crafted .zip archives to execute unwanted instructions or code." Aladdin notes that no such "trojan horses" have been reported. StuffIt Expander 7.0 is, as with previous versions, free to download and use.

Heh, buffer overflow in Windows's ZIP handling too

[Dahan]

Microsoft copying Apple yet again...

Unchecked Buffer in File Decompression Functions Could Lead to Code Execution (Q329048):

Two vulnerabilities exist in the Compressed Folders function:

• An unchecked buffer exists in the programs that handles the decompressing of files from a zipped file. A security vulnerability results because attempts to open a file with a specially malformed filename contained in a zipped file could possibly result in Windows Explorer failing, or in code of the attacker's choice being run.
• The decompression function could place a file in a directory that was not the same as, or a child of, the target directory specified by the user as where the decompressed zip files should be placed. This could allow an attacker to put a file in a known location on the users system, such as placing a program in a startup directory