FilZip Remote Directory Traversal Vulnerability
BID:18375
CVE-2006-2958 |Info
FilZip Remote Directory Traversal Vulnerability
| Bugtraq ID: | 18375 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 12 2006 12:00AM |
| Updated: | Jun 12 2006 09:56PM |
| Credit: | Claus Berghamer is credited with the discovery of this vulnerability. |
| Vulnerable: |
FilZip FilZip 3.05 FilZip FilZip 3.04 |
| Not Vulnerable: | |
Discussion
FilZip Remote Directory Traversal Vulnerability
Reportedly, an attacker can carry out attacks similar to directory traversals. These issues present themselves when the application processes malicious archives.
A successful attack can allow the attacker to place potentially malicious files and overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.
Reportedly, an attacker can carry out attacks similar to directory traversals. These issues present themselves when the application processes malicious archives.
A successful attack can allow the attacker to place potentially malicious files and overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.
Exploit / POC
FilZip Remote Directory Traversal Vulnerability
Attackers may exploit this issue by creating a malicious archive file that includes files with directory-traversal strings ('../') in the names.
Attackers may exploit this issue by creating a malicious archive file that includes files with directory-traversal strings ('../') in the names.
Solution / Fix
FilZip Remote Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]