![]() ![]() ![]() A remote user can create an archive that, when extracted by the target user, will cause files in the archive to be written to an arbitrary location on the target user's system.įiles containing the './' directory traversal characters can trigger the flaw.įor the demonstration exploit, rename '' to 'Poc.iso' and extract the PoC.iso to write a 'POC' file in the startup folder. The software does not properly validate filenames when extracting an ISO archive. A remote user can cause files to be written to arbitrary locations when extracted. Impact: Modification of system information, Modification of user informationĪ vulnerability was reported in WinISO. WinISO ISO Archive Extraction Directory Traversal Bug Writes Files to Arbitrary LocationsĬVE Reference: CVE-2006-2101 (Links to External Site) Home | View Topics | Search | Contact Us | WinISO ISO Archive Extraction Directory Traversal Bug Writes Files to Arbitrary Locations - SecurityTracker
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |