A directory traversal vulnerability in HAURI Anti-Virus products, including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall, allows remote attackers to overwrite arbitrary files via ".." sequences in filenames contained in (1) ACE, (2) ARJ, (3) CAB, (4) LZH, (5) RAR, (6) TAR and (7) ZIP files.
ViRobot Expert 4.0
ViRobot Advanced Server
ViRobot Linux Server 2.0
Successful exploitation allows writing of files to arbitrary
directories, which can potentially lead to code execution (e.g. by
overwriting certain startup files), but requires that compressed file
scanning is enabled.
ViRobot Linux Server 2.0:
ViRobot Expert 4.0 / ViRobot Advanced Server / LiveCall:
Updated version available via online update is still vulnerable when
scanning certain archive types.
Disable compressed file scanning, and scan files only after they have
been confirmed not to contain directory traversal sequences in their
filenames and have been correctly extracted.
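
One way to carry out the filename check in the workaround above, as an added example that is not part of the advisory or any vendor code. It covers only ZIP and TAR, the two listed formats the Python standard library can read; the function names and the sample archives are constructed for illustration.

```python
import io
import tarfile
import zipfile

def is_unsafe_name(name: str) -> bool:
    """True if a member name could land outside the extraction directory."""
    norm = name.replace("\\", "/")        # treat Windows separators like "/"
    if norm.startswith("/") or norm[1:2] == ":":
        return True                        # absolute path or drive letter
    return ".." in norm.split("/")         # reject any ".." path component

def traversal_members(data: bytes) -> list[str]:
    """Return unsafe member names of an in-memory ZIP or TAR; nothing is extracted."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        buf.seek(0)
        with zipfile.ZipFile(buf) as zf:
            names = zf.namelist()
    else:
        buf.seek(0)
        with tarfile.open(fileobj=buf, mode="r:*") as tf:
            names = tf.getnames()
    return [n for n in names if is_unsafe_name(n)]

# Constructed sample archives (built in memory, harmless placeholder content).
def make_zip(names: list[str]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"sample")
    return buf.getvalue()

def make_tar(names: list[str]) -> bytes:
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for n in names:
            info = tarfile.TarInfo(name=n)
            info.size = 6
            tf.addfile(info, io.BytesIO(b"sample"))
    return buf.getvalue()

if __name__ == "__main__":
    for label, blob in [("zip", make_zip(["docs/a.txt", "../../outside.txt"])),
                        ("tar", make_tar(["ok.txt", "sub/../../outside.txt"]))]:
        bad = traversal_members(blob)
        print(label, "REJECT" if bad else "ok", bad)
```

The check is deliberately conservative: any ".." path component is rejected, even one that would resolve back inside the target directory.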