X-Git-Url: https://wimlib.net/git/?p=wimlib;a=blobdiff_plain;f=doc%2Fimagex-apply.1.in;h=1a6d0a4114e404404f5cdb46c59ed7bd7355c035;hp=46bf7ec1708700a61e17b410a01b7364594d55e2;hb=ea914185bfdd6d2a000a341566f4dbbb7ecc2319;hpb=4f5e1d7a26589f3b5db5ca6e88d4f96c3a19d143 diff --git a/doc/imagex-apply.1.in b/doc/imagex-apply.1.in index 46bf7ec1..1a6d0a41 100644 --- a/doc/imagex-apply.1.in +++ b/doc/imagex-apply.1.in @@ -386,6 +386,12 @@ WIMs, which usually contain LZMS-compressed solid blocks and may carry the \fI.esd\fR file extension rather than \fI.wim\fR. However, \fI.esd\fR files downloaded directly by the Windows 8 web downloader have encrypted segments, and wimlib cannot extract such files until they are first decrypted. +.PP +\fIDirectory traversal attacks\fR: wimlib validates filenames before extracting +them and is not vulnerable to directory traversal attacks. This is in contrast +to Microsoft WIMGAPI/Imagex/Dism which can override arbitrary files on the +target drive when extracting a malicious WIM file containing files named +\fI..\fR or containing path separators. .SH EXAMPLES Extract the first image from the Windows PE image on the Windows Vista/7/8 installation media to the directory "boot":
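Review bot: in the added "Directory traversal attacks" paragraph, "can override arbitrary files" should read "can overwrite arbitrary files"; "override" does not describe replacing file contents on the target drive. The sentence "wimlib validates filenames before extracting them" would also serve readers better if it said what is rejected, in the same terms as the paragraph's last line (files named "\fI..\fR" or containing path separators), so the documented guarantee is no broader than what the validation covers. The comparison with Microsoft WIMGAPI/Imagex/Dism carries no version, so it will read as a standing claim even if those tools change; consider naming the versions it was observed on.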