Design/Logic Flaw

2007-08-2723:17:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.3%

JSON

Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation.

CPENameOperatorVersion
unreal_commandereq0.92.0-build565
unreal_commandereq0.92.0-build573

CPE	Name	Operator	Version
	unreal_commander	eq	0.92.0-build565
	unreal_commander	eq	0.92.0-build573

References

osvdb.org/45831

securityreason.com/securityalert/3060

www.securityfocus.com/archive/1/477432/100/0/threaded

www.securityfocus.com/bid/25419