A screenshot from one such email client is shown below. Without disclosing too much details, it has been confirmed that there are indeed email clients that allow this to be exploited.
#Pkware zipreader zip file
More specifically, an attacker can send a user an email containing a ZIP file attachment with directory traversal sequences in the attachment filename and tricking the user to open the attachment from the email client using SecureZIP. This can potentially be exploited in conjunction with an email client to overwrite files in arbitrary locations within the SD card of the user's Android device. If the display name contains directory traversal sequences, the resulting temporary file will be written by SecureZip outside of SecureZip's temp directory. SecureZIP does not properly sanitize the value of the returned display name before using it create a temporary filename to store the ZIP attachment. When SecureZip is choosen, it will query the email client (content provider) for the display name and the content of the ZIP attachment. When the user, clicks a ZIP file attachment in an email, he will be given a choice to choose from list of handlers that are able to open the ZIP attachment.
![pkware zipreader pkware zipreader](https://img.informer.com/p9/zip-reader-v8-log-window.png)
This allows it to be used by email clients to open ZIP file attachments in emails. When SecureZIP is installed on an Android device, it is registered as the handler for the URI type content:// with mime-type application/x-zip-compressed.
![pkware zipreader pkware zipreader](http://boatbela.weebly.com/uploads/1/2/6/4/126452635/567757808.png)
When exploited, this vulnerability allow an anonymous attacker to write files to arbitrary locations within the SD card of the user's Android device. This advisory discloses a directory traversal vulnerability in PKWARE SecureZIP Reader for Android. When exploited, this vulnerability allows an anonymous attacker to write files to arbitrary locations within the SD card of the user's Android device. PKWARE SecureZIP Reader for Android Content Handling Directory TraversalĪ directory traversal vulnerability has been found in PKWARE SecureZIP Reader for Android. PKWARE SecureZIP Reader for Android Content Handling Directory Traversal vuln.sg Vulnerability Research Advisory