CVE-2007-4756

Name of the Vulnerable Software and Affected Versions: Total Commander versions prior to 7.02

Description: A directory traversal issue exists in the FTP client, allowing remote FTP servers to create or overwrite arbitrary files using ".." sequences in a filename. These sequences are not displayed when the user lists files. This issue can be leveraged for code execution by writing to a Startup folder.

Recommendations: For versions prior to 7.02, update to version 7.02 or later to resolve the issue. As a temporary workaround, consider restricting access to the FTP client until the update is applied. Avoid using the FTP client to connect to untrusted remote FTP servers until the issue is resolved.