Winace Remote Directory Traversal Vulnerability
BID:12177
Info
Winace Remote Directory Traversal Vulnerability
| Bugtraq ID: | 12177 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 06 2005 12:00AM |
| Updated: | Jan 06 2005 12:00AM |
| Credit: | Discovery is credited to Rafel Ivgi, The-Insider <[email protected]>. |
| Vulnerable: |
Winace Winace 2.6 05 Winace Winace 2.5 |
| Not Vulnerable: | |
Discussion
Winace Remote Directory Traversal Vulnerability
Reportedly, an attacker can carry out directory traversal type attacks. These issues present themselves when the application processes malformed compressed files.
A successful attack can allow the attacker to place potentially malicious files and overwrite files on a computer, which can aid in various attacks.
All versions of Winace are considered vulnerable at the present.
Reportedly, an attacker can carry out directory traversal type attacks. These issues present themselves when the application processes malformed compressed files.
A successful attack can allow the attacker to place potentially malicious files and overwrite files on a computer, which can aid in various attacks.
All versions of Winace are considered vulnerable at the present.
Exploit / POC
Winace Remote Directory Traversal Vulnerability
An exploit is not required.
Proof of concept examples may be obtained from the following locations:
ZIP file:
http://theinsider.web1000.com/WINACE-WINHKI ZIP TRANSVERSAL.zip
GZIP file:
http://theinsider.deep-ice.com/winace gz file transversal.gz
An exploit is not required.
Proof of concept examples may be obtained from the following locations:
ZIP file:
http://theinsider.web1000.com/WINACE-WINHKI ZIP TRANSVERSAL.zip
GZIP file:
http://theinsider.deep-ice.com/winace gz file transversal.gz
Solution / Fix
Winace Remote Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.