CVE-2006-5487 - Tiptoe Attesting

Description

Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x 6.x and 2006 and MailMarshal for Exchange 5.x allows remote attackers to write arbitrary files via ..\ sequences in filenames in an ARJ compressed archive.

Reference

http://www.zerodayinitiative.com/advisories/ZDI-06-039.html http://www.marshal.com/kb/article.aspx?id=11450 http://www.securityfocus.com/bid/20999 http://securitytracker.com/id?1017209 http://secunia.com/advisories/22806 http://securityreason.com/securityalert/1857 http://www.vupen.com/english/advisories/2006/4457 https://exchange.xforce.ibmcloud.com/vulnerabilities/30188 http://www.securityfocus.com/archive/1/451143/100/0/threaded