Description: Sebastian Vandersee has reported a vulnerability in MailMarshal, which can be exploited by malicious people to compromise a vulnerable system.
An input validation error when unpacking tar archives can be exploited to extract files to arbitrary directories on the system (e.g. the "All Users" startup folder) via a file with a filename containing directory traversal modifiers in a tar archive.
The vulnerability is reported in version 6.2.1.3253 and reportedly also affects MailMarshal SMTP 5.x, 2006, and MailMarshal Exchange 5.x.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution: Apply patches (see vendor advisory for details).
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
