DV Hardware software and download news

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news about processors, graphics cards, memory, NVIDIA, ATi, Intel, AMD, XGI
December 2, 2016 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 78 people online.

 

Latest Reviews
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
ROCCAT Isku FX gaming keyboard
Prolimatech Magnetic Pin
 

Follow us
RSS
 

PeaZip 2.6.2

Posted on Friday, June 12 2009 @ 14:14:40 CEST by

Flexibe, portable, secure, and free as in freedom

Changelog:
  • create 7Z, ARC, BZ2, GZ, PAQ/LPAQ, PEA, QUAD/BALZ, TAR, UPX, ZIP
  • extract 87 archive types: ACE, ARJ, CAB, DMG, ISO, LHA, RAR, UDF and many more...

    Changelog:
    • p7zip backend updated to 9.04 (Linux)
    • tightened sanitization of input strings in PeaZip GUI, as security fix against a class of possible attacks based on code injection (ref: http://secunia.com/advisories/35352/ http://milw0rm.com/exploits/8881 original submission: http://retrogod.altervista.org/). To attack previos releases an attacker could build archives containing objects with nonvalid filenames, containing concatenated commands in the filename "hidden" to the user by making the filename very long with spaces to trick users in non reading the latter part of the name. If unaware users had downloaded such archive and doubleclicked or otherwise opened the archived file entry containing the concatenated command, would have put in execution the command (with current user rights). Fixes:
       
      • check file/dir names for:
        • non-allowed characters (0..31)
        • reserved characters
        • reserved file names
        • unusual spacing (5 consecutive or more, like in 7-Zip GUI), as may be intended to trick user hiding real filename
           
      • check command string immediately before execution for:
        • non-allowed characters
        • reserved characters for command concatenation (|<>), not used by PeaZip GUI
           
        • unusual spacing

  • Program Information

    Category:
    Tools and Utilities
    Type:
    Free


    Version:
    2.6.2
    Size:
    4.76MB
    Works on:
    Windows


    Product page: here

    Download: PeaZip 2.6.2





     

    DV Hardware - Privacy statement
    All logos and trademarks are property of their respective owner.
    The comments are property of their posters, all the rest © 2002-2016 DM Media Group bvba