CVE-2004-0916

Name of the Vulnerable Software and Affected Versions: cabextract versions prior to 1.1

Description: The issue allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename. This is achieved by exploiting a directory traversal vulnerability.

Recommendations: For versions prior to 1.1, update to version 1.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of cabextract to minimize the risk of exploitation. Avoid using cabextract to extract files from untrusted cabinet files until the issue is resolved.