Pinnacle Hollywood FX contains a flaw that may allow a malicious user to compromise a user's system. The issue is triggered by an input validation error in InstallHFZ.exe while opening Hollywood FX archives. It is possible that the flaw may allow a context-dependent attacker to write files to arbitrary directories through archives which contain directory traversal sequences included within the compressed filename resulting in a loss of integrity.

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

• CVE ID: 2009-1743 (see also: NVD)
• Bugtraq ID: 34936
• Secunia Advisory ID: 35078
• ISS X-Force ID: 50510
• Exploit Database: 8670
• Milw0rm: 8670
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2009-05/0134.html
• Other Advisory URL: http://retrogod.altervista.org/9sg_pinnacle_studio_12_hfz.htm
• Packet Storm: http://www.packetstormsecurity.org/0905-exploits/pinnaclestudio-traversal.txt
• Vendor URL: http://www.pinnaclesys.com/

• pyrokinesis -