diff --git a/src/vs/base/node/zip.ts b/src/vs/base/node/zip.ts
index 0c575be1bef3d1c525b76e1b4de96f26236b755e..bb3c6daf9d1b48a16ac7084970a669d30b7d7f18 100644
--- a/src/vs/base/node/zip.ts
+++ b/src/vs/base/node/zip.ts
@@ -72,6 +72,9 @@ function toExtractError(err: Error): ExtractError {
 function extractEntry(stream: Readable, fileName: string, mode: number, targetPath: string, options: IOptions): TPromise<void> {
 	const dirName = path.dirname(fileName);
 	const targetDirName = path.join(targetPath, dirName);
+	if (targetDirName.indexOf(targetPath) !== 0) {
+		return TPromise.wrapError(new Error(nls.localize('invalid file', "Error extracting {0}. Invalid file.", fileName)));
+	}
 	const targetFileName = path.join(targetPath, fileName);
 
 	let istream: WriteStream;