CVE-2007-4843

Name of the Vulnerable Software and Affected Versions: X-Diesel Unreal Commander versions 0.92 build 565 through 0.92 build 573

Description: A directory traversal issue allows remote FTP servers to create or overwrite arbitrary files by including a .. (dot dot) in a filename. This can potentially be used for code execution by writing to a Startup folder.

Recommendations: For X-Diesel Unreal Commander version 0.92 build 565, update to a version that fixes this issue. For X-Diesel Unreal Commander version 0.92 build 573, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the FTP functionality until a patch is available.