Lucene search

[email protected]CVE-2002-1139

HistorySep 01, 2004 - 4:00 a.m.

CVE-2002-1139

2004-09-0104:00:00

[email protected]

web.nvd.nist.gov

microsoft

windows

security

vulnerability

zip files

decompression

executable file

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.6%

JSON

The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user’s system, aka “Incorrect Target Path for Zipped File Decompression.”

Affected configurations

NVD

Node

microsoftwindows_98_plus_pack

microsoftwindows_me

microsoftwindows_xphome

microsoftwindows_xpgoldprofessional

microsoftwindows_xpsp1home

CPENameOperatorVersion
microsoft:windows_98_plus_packmicrosoft windows 98 plus packeq*
microsoft:windows_memicrosoft windows meeq*
microsoft:windows_xpmicrosoft windows xpeq*

CPE	Name	Operator	Version
microsoft:windows_98_plus_pack	microsoft windows 98 plus pack	eq	*
microsoft:windows_me	microsoft windows me	eq	*
microsoft:windows_xp	microsoft windows xp	eq	*

References

www.iss.net/security_center/static/10252.php

www.securityfocus.com/bid/5876

docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.6%

JSON

Related for CVE-2002-1139

cvelist1 nvd1 openvas2 nessus1