Attack: RubyZip CVE-2018-1000544 Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to overwrite arbitrary files and execute code in the context of the user running the affected application.

Additional Information

RubyZip is prone to an arbitrary file-overwrite vulnerability. Specifically, this issue affects the 'Zip::File' component. An attacker can exploit this issue by using a specially crafted archive whose entry filenames contain directory traversal sequences.

Successful exploits may allow an attacker to overwrite arbitrary files and execute code in the context of the user running the affected application.
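
The check an extracting application can apply to each entry name before writing it, shown as an added example (not Symantec's signature logic and not RubyZip code). It uses only the Ruby standard library; `safe_target`, `audit_entries`, `DEST` and `SAMPLE_ENTRIES` are hypothetical names, and the paths and entry names are constructed.

```ruby
# Added example: lexical containment check for archive entry names.
# safe_target, audit_entries, DEST and SAMPLE_ENTRIES are hypothetical names.

# Return the absolute path an entry would be written to under dest_dir,
# or nil when the name would resolve outside dest_dir.
def safe_target(dest_dir, entry_name)
  root = File.expand_path(dest_dir)
  name = entry_name.tr('\\', '/')          # treat "..\" like "../"
  return nil if name.empty? || name.include?("\0")
  # Absolute names and drive-letter names never belong in an extraction.
  return nil if name.start_with?('/') || name.match?(/\A[A-Za-z]:/)
  # Joining first keeps a leading "~" from being expanded as a home directory;
  # expand_path then collapses "." and ".." segments without touching disk.
  target = File.expand_path(File.join(root, name))
  # Compare against root plus a separator so that a sibling such as
  # "<root>-other" does not pass a bare prefix test.
  target.start_with?(root + File::SEPARATOR) ? target : nil
end

# Split entry names into [accepted, rejected] for a destination directory.
def audit_entries(dest_dir, entry_names)
  entry_names.partition { |n| safe_target(dest_dir, n) }
end

DEST = '/srv/uploads/extract'               # constructed path
SAMPLE_ENTRIES = [                           # constructed entry names
  'docs/readme.txt',
  'docs/../notes.txt',
  '../../outside.txt',
  '/tmp/absolute.txt',
  '..\\..\\outside.txt',
  '../extract-other/x.txt'
].freeze

if __FILE__ == $PROGRAM_NAME
  accepted, rejected = audit_entries(DEST, SAMPLE_ENTRIES)
  puts "accepted: #{accepted.inspect}"
  puts "rejected: #{rejected.inspect}"
end
```

The check is purely lexical: it does not resolve symbolic links that already exist under the destination directory.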

Affected

  • RubyZip versions 1.2.1 and prior are vulnerable; other versions may also be affected.