X-Diesel Unreal Commander v0.92 (build 573) multiple FTP-based vulnerabilities
|
Unreal Commander is an award winning freeware file manager for Windows
98/ME/2000/XP/2003/Vista. The application support multiple archive formats, has a built-in ftp client, and other features. Unreal Commander fails to correctly handle malformed file name while downloading a remote file from a malformed FTP server to a local hard driver. This allows an attacker to perform a directory traversal attack. Successful exploitation may lead to a full scale system compromise. Unreal Commander also fails to correctly handle FTP reponses. This can lead to the application entering an infinite loop, denying service to the legitimate user. Read more at: /advisories/adv_UnrealCommander_0_92_build_573_Multiple_FTP_Based_Vulnerabilities.txt |