Download PeaZip 2.6.2

PeaZip  2.6.2

By Giorgio Tani  (Open Source)
User Rating

# p7zip backend updated to 9.04 (Linux)
# tightened sanitization of input strings in PeaZip GUI, as security fix against
a class of possible attacks based on code injection (ref:
http://secunia.com/advisories/35352/ http://milw0rm.com/exploits/8881 original
submission: http://retrogod.altervista.org/). To attack previos releases an
attacker could build archives containing objects with nonvalid filenames,
containing concatenated commands in the filename "hidden" to the user by making
the filename very long with spaces to trick users in non reading the latter part
of the name. If unaware users had downloaded such archive and doubleclicked or
otherwise opened the archived file entry containing the concatenated command,
would have put in execution the command (with current user rights). Fixes:

* check file/dir names for:
o non-allowed characters (0..31)
o reserved characters
o reserved file names
o unusual spacing (5 consecutive or more, like in 7-Zip GUI), as may
be intended to trick user hiding real filename
* check command string immediately before execution for:
o non-allowed characters
o reserved characters for command concatenation (|<>), not used by
PeaZip GUI
o unusual spacing

What Is the FileHippo Safety Guarantee?


We know how important it is to stay safe online so FileHippo is using virus scanning technology provided by Avira to help ensure that all downloads on FileHippo are safe. The program you are about to download is safe to be installed on your device.