ArchiveXpert Multiple Directory Traversal Vulnerabilities
BID:23372
Info
ArchiveXpert Multiple Directory Traversal Vulnerabilities
| Bugtraq ID: | 23372 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 09 2007 12:00AM |
| Updated: | Apr 10 2007 12:12AM |
| Credit: | Hamid Ebadi is credited with the discovery of this vulnerability. |
| Vulnerable: |
ArchiveXpert ArchiveXpert 2.02 build 80 |
| Not Vulnerable: | |
Discussion
ArchiveXpert Multiple Directory Traversal Vulnerabilities
ArchiveXpert is prone to multiple directory-traversal vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to extract files into arbitrary directories and overwrite arbitrary files. Successful exploits may aid in further attacks.
These issues affect ArchiveXpert 2.02 build 80; other versions may also be affected.
ArchiveXpert is prone to multiple directory-traversal vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to extract files into arbitrary directories and overwrite arbitrary files. Successful exploits may aid in further attacks.
These issues affect ArchiveXpert 2.02 build 80; other versions may also be affected.
Exploit / POC
ArchiveXpert Multiple Directory Traversal Vulnerabilities
Attackers may exploit these issues by creating malicious compressed files that include files with directory-traversal strings ('../') in the names.
Attackers may exploit these issues by creating malicious compressed files that include files with directory-traversal strings ('../') in the names.
Solution / Fix
ArchiveXpert Multiple Directory Traversal Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please email us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please email us at: mailto:[email protected].
References
ArchiveXpert Multiple Directory Traversal Vulnerabilities
References:
References:
- ArchiveXpert Homepage (ArchiveXpert)