PT-2007-5717 · Maxim Liadov · Unreal Commander

Published

2007-08-27

Updated

2018-10-15

CVE-2007-4546

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Unreal Commander version 0.92 build 565 Unreal Commander version 0.92 build 573

Description The issue allows remote attackers to potentially trick a user into performing a dangerous file overwrite or creation. This is because the software lists filenames from the Central Directory of a ZIP archive but extracts to local filenames corresponding to names in Local File Header fields in the archive.

Recommendations For Unreal Commander version 0.92 build 565, avoid using the affected ZIP extraction functionality until a fix is available. For Unreal Commander version 0.92 build 573, avoid using the affected ZIP extraction functionality until a fix is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-4546

Affected Products

Unreal Commander

PT-2007-5717 · Maxim Liadov · Unreal Commander

CVE-2007-4546

Related Identifiers

Affected Products

References · 5