CVE-2007-4546

Name of the Vulnerable Software and Affected Versions Unreal Commander version 0.92 build 565 Unreal Commander version 0.92 build 573

Description The issue allows remote attackers to potentially trick a user into performing a dangerous file overwrite or creation. This is because the software lists filenames from the Central Directory of a ZIP archive but extracts to local filenames corresponding to names in Local File Header fields in the archive.

Recommendations For Unreal Commander version 0.92 build 565, avoid using the affected ZIP extraction functionality until a fix is available. For Unreal Commander version 0.92 build 573, avoid using the affected ZIP extraction functionality until a fix is available.