Slashdot Mirror


StuffIt 6.5.x and Earlier Allows Buffer Overflow

A user writes in that Aladdin Systems has announced that StuffIt, versions 6.5.x and earlier for Mac OS and Mac OS X, "may contain a flaw that would cause expanding certain maliciously crafted .zip archives to execute unwanted instructions or code." Aladdin notes that no such "trojan horses" have been reported. StuffIt Expander 7.0 is, as with previous versions, free to download and use.

2 of 62 comments

  1. Just Use Info-zip For ".zip"s by cmholm · Score: 5, Informative
    For those who don't want to upgrade to Stuffit Extractor 7.0 for whatever reason:

    If you're using MacOS 9 or earlier, the potential for buffer overflows is meaningless. It wouldn't be the first time your system bailed, anyway.

    For the OS X user, just adjust your browser to make Info-zip the zip file helper, and surf over to Info-zip's site to download the source or binary.

    --
    Luke, help me take this mask off ... Just for once, let me butterfly kiss you with my own eyes.
  2. Non-registration download for Stuffit Expander by foo12 · Score: 5, Informative

    Going through Aladdin's web site requires you to fill out a short (marketing) form before downloading Expander. Fortunately, Aladdin also has anonymous ftp access:

    ftp://ftp.aladdinsys.com/