CVE-2021-20692

7.1 HIGH

📋 TL;DR

A directory traversal vulnerability in Archive collectively operation utility allows attackers to create or overwrite files anywhere on the system by tricking users into extracting malicious ZIP archives. This affects versions 2.10.1.0 and earlier of the software. Users who extract untrusted ZIP files with this utility are vulnerable.

💻 Affected Systems

Products:
  • Archive collectively operation utility
Versions: 2.10.1.0 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the ZIP archive extraction functionality.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through arbitrary file overwrite, potentially leading to remote code execution, data destruction, or privilege escalation.

🟠 Likely Case: Local file system corruption, data loss, or malware installation through overwritten system files.

🟢 If Mitigated: Limited impact if the user runs with minimal privileges and only extracts trusted archives.

🌐 Internet-Facing: MEDIUM - Requires user interaction but can be delivered via email or web downloads.
🏢 Internal Only: MEDIUM - Internal users could be tricked into extracting malicious archives.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to extract a malicious ZIP file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.10.2.0 or later

Vendor Advisory: http://www.eikisoft.com/release01.html

Restart Required: No

Instructions:

1. Download the latest version from the vendor website.
2. Uninstall the current version.
3. Install the updated version.
4. Verify that the version is 2.10.2.0 or higher.

🔧 Temporary Workarounds

Use alternative archive software (windows): Use Windows built-in ZIP functionality or other trusted archive utilities instead.

Restrict user privileges (windows): Run the software under a limited user account to reduce the impact of file overwrites.

🧯 If You Can't Patch

  • Educate users to never extract ZIP files from untrusted sources with this utility
  • Implement application whitelisting to block execution of the vulnerable software
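A pre-extraction check of the kind this utility lacked, added here as an example (Python, not the vendor's code): it flags ZIP entry names that would escape the destination directory and shows the per-entry path check a safe extractor performs before writing. The sample archive is constructed in memory, and the destination path and entry names are assumptions.

```python
import io
import ntpath
import os
import zipfile


def is_unsafe_entry(name: str) -> bool:
    """True if an entry name could escape the extraction directory on Windows:
    absolute or UNC path, drive letter, or a '..' component under either separator.
    Any '..' is rejected conservatively, even one that would resolve back inside."""
    normalized = name.replace("\\", "/")  # Windows extractors honour both separators
    if normalized.startswith("/"):
        return True
    if ntpath.splitdrive(name)[0]:  # 'C:' or a UNC prefix, whatever the host OS
        return True
    return ".." in normalized.split("/")


def resolved_target(dest_root: str, name: str):
    """Path an entry would be written to, or None if it lands outside dest_root.
    This is the per-entry check a safe extractor performs before writing; the name
    check above also catches drive letters that os.path.join on a non-Windows host
    would treat as a plain relative directory."""
    if is_unsafe_entry(name):
        return None
    root = os.path.abspath(dest_root)
    target = os.path.abspath(os.path.join(root, name.replace("\\", "/")))
    return target if os.path.commonpath([root, target]) == root else None


def find_traversal_entries(zip_bytes: bytes) -> list:
    """Names of every entry failing the check, for scanning an archive before extraction."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist() if is_unsafe_entry(i.filename)]


def build_sample_archive() -> bytes:
    """Constructed in-memory archive (not a real sample): one benign entry plus three
    names shaped like the traversal an extractor without path checks would honour."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:  # writestr stores names verbatim
        zf.writestr("docs/readme.txt", "benign")
        zf.writestr("../../Users/Public/startup.cmd", "constructed")
        zf.writestr("..\\..\\dropped.txt", "constructed")
        zf.writestr("C:\\Windows\\Temp\\dropped.txt", "constructed")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in find_traversal_entries(build_sample_archive()):
        print("REJECT:", entry)
```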

🔍 How to Verify

Check if Vulnerable:

Check the software version under Help > About. If it is 2.10.1.0 or earlier, the installation is vulnerable.

Check Version:

Open Help > About in the application interface.

Verify Fix Applied:

Verify that the version shown under Help > About is 2.10.2.0 or later.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file creation/modification events in system logs
  • Archive utility process spawning unexpected file operations

Network Indicators:

  • Downloads of ZIP files followed by archive utility execution

SIEM Query:

Process Creation where Image contains 'archive' AND CommandLine contains '.zip'

🔗 References
