Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1139

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1139
Last Modified 10 Sep 2008 03:13:56
Published 11 Oct 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1139

Summary

The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."

Vulnerable Systems

Operating System

  • Microsoft Windows Me

  • Microsoft Windows Xp

Application

  • Microsoft Windows 98 Plus Pack


References

MS - MS02-054

XF - win-zip-incorrect-path(10252)

BID - 5876


Last Updated: 27 May 2016 10:37:12