[原文]Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 beta 3 allow remote attackers to write arbitrary files via a ..\ (dot dot backslash) in a (1) .rar, (2) .tar, (3) .zip, (4) .jar, or (5) .gz archive. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
IZArc contains a flaw that allows a remote attacker to extract files to arbitrary locations on the filesystem, possibly overwriting system binaries and other sensitive or confidential information. The issue is due to IZArc not properly sanitizing pathnames for archived files, specifically pathnames that include directory traversal style attacks (../../).
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.