[原文]Directory traversal vulnerability in the Gapless Player SimZip (aka Simple Zip Viewer) application before 1.2.1 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename.
Simple Zip Viewer (SimZip) for Android Crafted Filename Traversal Arbitrary File Manipulation
Mobile Phone / Hand-held Device
Loss of Integrity
Simple Zip Viewer (SimZip) for Android contains a flaw that allows traversing outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically path traversal style attacks (e.g. '../') supplied via specially crafted filename. With a specially crafted request, a context-dependent attacker can manipulate arbitrary files.
It has been reported that this issue has been fixed. Upgrade to version 1.2.1, or higher, to address this vulnerability.
SimZip is prone to a directory-traversal vulnerability.
Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to create or overwrite arbitrary files in the context of the application. This may aid in further attacks.
SimZip prior to 1.2.1 are vulnerable.
Attackers can exploit this issue through a browser.
Updates are available. Please see the references or vendor advisory for more information.