unace contains a flaw that allows a local or remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g. ../../) or absolute paths supplied via the filenames in ACE archives. This directory traversal attack would allow the attacker to create files in arbitrary directories on the system.
Local / Remote
Loss of Integrity
Currently, there are no known upgrades or patches to correct this vulnerability for unace. Upgrade to avast! Home/Professional Edition version 4.6.691 or higher, avast! Server Edition version 4.6.489 or higher, or avast! Managed Client version 4.6.394 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.