PT-2007-3299 · Archivexpert · Archivexpert

Published

2007-04-11

Updated

2017-07-29

CVE-2007-1954

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ArchiveXpert version 2.02 build 80

Description The issue allows remote attackers to create files in arbitrary directories via a .. (dot dot) in various archive file types, including .gz, .jar, .rar, .tar.gz, .zip, and .tar files.

Recommendations For ArchiveXpert version 2.02 build 80, consider restricting the ability to upload or process archive files until a patch is available. As a temporary workaround, limit access to sensitive directories to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1954

Affected Products

Archivexpert

PT-2007-3299 · Archivexpert · Archivexpert

CVE-2007-1954

Related Identifiers

Affected Products

References · 6