Multiple vulnerabilities has been found and corrected in cabextract: The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service via a malformed MSZIP archive in a .cab file during a test or extract action, related to the libmspack library . Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library . Packages for 2009.0 are provided as of the Extended Maintenance Program