Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4546

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2007-4546
Last Modified 15 Nov 2008 01:57:28
Published 27 Aug 2007 07:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4546

Summary

Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation.

Vulnerable Systems

Application

  • X-diesel Unreal Commander 0.92 Build565

  • X-diesel Unreal Commander 0.92 Build573


References

BID - 25419

BUGTRAQ - 20070823 X-Diesel Unreal Commander v0.92 (build 573) multiple vulnerabilities

OSVDB - 45831

SREASON - 3060


Last Updated: 27 May 2016 10:45:54