Unreal Commander Malformed Archives Multiple Remote Vulnerabilities
BID:25419
Info
Unreal Commander Malformed Archives Multiple Remote Vulnerabilities
| Bugtraq ID: | 25419 |
| Class: | Unknown |
| CVE: |
CVE-2007-4546 CVE-2007-4547 CVE-2007-4545 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 23 2007 12:00AM |
| Updated: | Jul 05 2016 10:00PM |
| Credit: | Gynvael Coldwind is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
X-Diesel Unreal Commander 0.92 (build 573) X-Diesel Unreal Commander 0.92 (build 565) |
| Not Vulnerable: | |
Discussion
Unreal Commander Malformed Archives Multiple Remote Vulnerabilities
Unreal Commander is prone to multiple remote vulnerabilities when handling malformed ZIP and RAR archives. These vulnerabilities include a directory-traversal vulnerability, an information-disclosure vulnerability, and a filename-spoofing vulnerability.
An attacker can exploit these issues to compromise the affected computer, overwrite arbitrary files, and obtain sensitive information. Exploits of these issues may lead to other attacks.
Unreal Commander 0.92 (build 565) and 0.92 (build 573) are vulnerable; prior versions may also be affected.
Unreal Commander is prone to multiple remote vulnerabilities when handling malformed ZIP and RAR archives. These vulnerabilities include a directory-traversal vulnerability, an information-disclosure vulnerability, and a filename-spoofing vulnerability.
An attacker can exploit these issues to compromise the affected computer, overwrite arbitrary files, and obtain sensitive information. Exploits of these issues may lead to other attacks.
Unreal Commander 0.92 (build 565) and 0.92 (build 573) are vulnerable; prior versions may also be affected.
Exploit / POC
Unreal Commander Malformed Archives Multiple Remote Vulnerabilities
Attackers may exploit these issues by creating a malicious 'zip' or 'rar' archive.
The following proofs of concept are available:
Attackers may exploit these issues by creating a malicious 'zip' or 'rar' archive.
The following proofs of concept are available:
Solution / Fix
Unreal Commander Malformed Archives Multiple Remote Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Unreal Commander Malformed Archives Multiple Remote Vulnerabilities
References:
References: