On JVN#04665167 (XacRett #49 Vulnerability)

Information on the vulnerability (JVN#04665167) of XacRett #49.

Author: k.inaba (kiki at kmonos dot net)
Publication: Oct 14, 2010
Japanese Version

Status

Fixed by the version #50, released on Oct 14, 2010.

If you are using #49 or older, please update to the latest version.
The latest version is available from [ xacr51.exe ].

Issue

Just after the decompression of archives, arbitrary malicious program may be executed.

Usually, XacRett automatically opens the folder containing extracted files by Explorer. But if a file named "explorer.exe" is contained in the archive, the executable is run, instead of the Windows' Explorer.

To fix

Please update to the latest version (#50 or after).

To avoid the vulnerability while using #49 or before, you need to turn off the automatic opening of folders. For this, save the two-line text below into a file named "xacrett.ini", and place it in the same folder as "XacRett.exe".
```
[xacr]
Open=0
```

presented by k.inaba (kiki .a.t. kmonos.net) under