{"api_version":"1","generated_at":"2026-04-24T13:52:08+00:00","cve":"CVE-2002-1139","urls":{"html":"https://cve.report/CVE-2002-1139","api":"https://cve.report/api/cve/CVE-2002-1139.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2002-1139","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2002-1139"},"summary":{"title":"CVE-2002-1139","description":"The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka \"Incorrect Target Path for Zipped File Decompression.\"","state":"PUBLISHED","assigner":"mitre","published_at":"2002-10-11 04:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054","name":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Security Bulletin MS02-054 - Important | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/5876","name":"http://www.securityfocus.com/bid/5876","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Compressed Folders Hostile Decompression Path Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.iss.net/security_center/static/10252.php","name":"http://www.iss.net/security_center/static/10252.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"ISS X-Force Database: win-zip-incorrect-path (10252): Windows zipped file decompression incorrect target path","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2002-1139","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2002-1139","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2002","cve_id":"1139","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"windows_98_plus_pack","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"1139","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_me","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"1139","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"*","cpe7":"*","cpe8":"home","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"1139","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"*","cpe7":"gold","cpe8":"professional","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"1139","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_xp","cpe6":"*","cpe7":"sp1","cpe8":"home","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T03:12:17.130Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"MS02-054","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054"},{"name":"5876","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/5876"},{"name":"win-zip-incorrect-path(10252)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"http://www.iss.net/security_center/static/10252.php"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2002-10-02T00:00:00.000Z","descriptions":[{"lang":"en","value":"The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka \"Incorrect Target Path for Zipped File Decompression.\""}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2003-02-26T10:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"MS02-054","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054"},{"name":"5876","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/5876"},{"name":"win-zip-incorrect-path(10252)","tags":["vdb-entry","x_refsource_XF"],"url":"http://www.iss.net/security_center/static/10252.php"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2002-1139","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka \"Incorrect Target Path for Zipped File Decompression.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"MS02-054","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054"},{"name":"5876","refsource":"BID","url":"http://www.securityfocus.com/bid/5876"},{"name":"win-zip-incorrect-path(10252)","refsource":"XF","url":"http://www.iss.net/security_center/static/10252.php"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2002-1139","datePublished":"2004-09-01T04:00:00.000Z","dateReserved":"2002-09-23T00:00:00.000Z","dateUpdated":"2024-08-08T03:12:17.130Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2002-10-11 04:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:windows_98_plus_pack:*:*:*:*:*:*:*:*","matchCriteriaId":"83DE6302-A76A-44C1-A2EC-27FD1B82B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*","matchCriteriaId":"799DA395-C7F8-477C-8BC7-5B4B88FB7503"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*","matchCriteriaId":"BC176BB0-1655-4BEA-A841-C4158167CC9B"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*","matchCriteriaId":"4BF263CB-4239-4DB0-867C-9069ED02CAD7"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*","matchCriteriaId":"49693FA0-BF34-438B-AFF2-75ACC8A6D2E6"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2002","CveId":"1139","Ordinal":"1","Title":"CVE-2002-1139","CVE":"CVE-2002-1139","Year":"2002"},"notes":[{"CveYear":"2002","CveId":"1139","Ordinal":"1","NoteData":"The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka \"Incorrect Target Path for Zipped File Decompression.\"","Type":"Description","Title":"CVE-2002-1139"},{"CveYear":"2002","CveId":"1139","Ordinal":"2","NoteData":"2004-09-01","Type":"Other","Title":"Published"},{"CveYear":"2002","CveId":"1139","Ordinal":"3","NoteData":"2003-02-26","Type":"Other","Title":"Modified"}]}}}