Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames.