Total Commander Arbitrary File Deletion Vulnerability

Bugtraq ID:	22033
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 12 2007 12:00AM
Updated:	Jan 15 2007 06:00PM
Credit:	The vendor reported this vulnerability.
Vulnerable:	Total Commander Total Commander 0
Not Vulnerable:	Total Commander Total Commander 6.56

Total Commander Arbitrary File Deletion Vulnerability

Total Commander is affected by an arbitrary file-deletion vulnerability because of input-validation errors that allow an attacker to delete arbitrary files and corrupt the filesystem on the affected computer.

An attacker can exploit these issues to cause a denial-of-service condition.

Total Commander versions prior to 6.5.6 are affected by this issue.

Total Commander Arbitrary File Deletion Vulnerability

Attackers can exploit this vulnerability by enticing a victim user to open a specially crafted RAR file.

Total Commander Arbitrary File Deletion Vulnerability

Solution:
The vendor has provided a fix to address this issue. Please see the references for more information.


Total Commander Total Commander 0

• Total Commander Total Commander 6.56
  http://www.ghisler.com/download.htm

Total Commander Arbitrary File Deletion Vulnerability

References:

• Total Commander Web Site (Total Commander)