Lucene search

[email protected]CVE-2007-4546

HistoryAug 27, 2007 - 11:17 p.m.

CVE-2007-4546

2007-08-2723:17:00

[email protected]

web.nvd.nist.gov

cve-2007-4546

unreal commander

zip archive

remote attack

file overwrite

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.5%

JSON

Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation.

Affected configurations

NVD

Node

x-dieselunreal_commanderMatch0.92_build565

x-dieselunreal_commanderMatch0.92_build573

CPENameOperatorVersion
x-diesel:unreal_commanderx-diesel unreal commandereq0.92_build565
x-diesel:unreal_commanderx-diesel unreal commandereq0.92_build573

CPE	Name	Operator	Version
x-diesel:unreal_commander	x-diesel unreal commander	eq	0.92_build565
x-diesel:unreal_commander	x-diesel unreal commander	eq	0.92_build573

References

osvdb.org/45831

securityreason.com/securityalert/3060

www.securityfocus.com/archive/1/477432/100/0/threaded

www.securityfocus.com/bid/25419

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.5%

JSON

Related for CVE-2007-4546

prion1 cvelist1 nvd1