Full Disclosure mailing list archives
Microsoft cabarc directory traversal
From: Jelmer <jkuperus () planet nl>
Date: Tue, 12 Oct 2004 15:56:35 +0200
Description: Cabarc is a command line tool to create and extract cabinet files (.cab) it is included in the Windows Support Tools package It is subject to a directory traversal bug similar to those found in unzip, unarj etc.. Technical Details: ..\file fails ../file defeats the protection Demonstration: http://62.131.86.111/security/cabarc/demo.cab Risk : low _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Microsoft cabarc directory traversal Jelmer (Oct 12)