Hispasec Lab Blog

July 2008

Links

Recent Entries

FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak(02/16 17:06)
Magellan Explorer 3.32 build 2305 Remote FTP Client Directory Traversal(09/06 20:02)
X-Diesel Unreal Commander v0.92 (build 573) multiple FTP-based vulnerabilities(09/06 19:49)
Total Commander 7.01 Remote FTP Client Directory Traversal(09/06 18:59)
Blizzard StarCraft Brood War 1.15.1 Remote DoS(08/29 14:22)
X-Diesel Unreal Commander v0.92 (build 573) multiple vulnerabilities(08/23 13:37)
Fileinfo 2.0.9 multiple vulnerabilities(08/20 21:54)

X-Diesel Unreal Commander v0.92 (build 573) multiple vulnerabilities

[Advisories]

Unreal Commander is an award winning freeware file manager for Windows 98/ME/2000/XP/2003/Vista. The application support multiple archive formats, has a built-in ftp client, and other features.

Unreal Commander fails to check user-supplied input while processing ZIP and RAR archives. A malformed ZIP or RAR file can be used to perform a directory traversal attack and place malware files in a location selected by the attacker. Successful exploitation can lead to a full compromitation of the system.

Read more at:
/advisories/adv_UnrealCommander_0_92_build_573_Multiple_Vulnerabilities.txt

Sent by Gynvael Coldwind @ 13:37 | Permalink | Comments (0) | Trackbacks (0)

<< Fileinfo 2.0.9 multiple vulnerabilities | Principal | Blizzard StarCraft Brood War 1.15.1 Remote DoS >>

Comentarios

There are no comments.

Trackbacks

Please send trackbacks to: http://blog.hispasec.nospam/lab/231/tbZ3ping
Replace "nospam" with "com"

There are no trackbacks.